anomaly detection

Today, due to highly advanced attacks and intrusions, it has become very difficult to detect IoT attacks in cloud environments. Other problems with cloud systems include low error detection accuracy, false positive rates, and long computation times. In the proposed method, we present a hybrid intrusion detection model including a clustering algorithm and a machine-based random forest classification for fog and cloud environments. Also, to control the network traffic in the physical layer and also to detect anomalies between IoT devices, calculations will be performed on the fog and the edges of the cloud, so that after preprocessing, the incoming traffic to the fog and cloud will be checked and if necessary They are directed to an anomaly detection module. A random forest-based learning classification was used to identify the type of each attack. General data and cloud data have been used for research. The overall accuracy of the proposed intrusion detection system was 98.03 and the mean false positive rate was 17% and the anomaly detection rate was 96.30, which is considerable compared to previous methods.

Visual tracking of microscopic objects is one of the most important studies of dynamic biological processes and requires automated segmentation and tracking methods. It is often limited to the morphology of objects or human study and lacks the automation and scalability to detect objects, track the path of any object, and examine their topology with the detection of related anomalies. This paper presents a fast scalable agent-oriented method for automatic detection, real-time video tracking, simultaneous tracking of microscopic objects, monitoring object behavior, and their topology based on graph theory applicable to the Internet of Things. It has no mentioned restrictions. Its segmentation method is a combination of temporal and spatial changes of the image to detect moving objects and predict their movement path, and the possibility of detecting individual anomalies of the object (death, moving a stop, collision of objects, a sudden departure from and a sudden entry into processing frame). Provides abrupt onset and onset of anomalies (network splitting, batch changes, batch decomposition, batch spacing, attenuation, and network collapse). The results of experimental experiments to track microscopic objects of sperm and birds in 2D images of 3D video film show that it has 99% sensitivity and 97% accuracy of instantaneous detection of objects with 99% detection accuracy. In monitoring and tracking, correlation and collision of sperm objects have an accuracy of 99.8% and in birds due to environmental noise and error detection in rapid topology changes, birds have an accuracy of 88%.

This paper presents a new approach to the detection of asymptomatic anomalies based on the signal processing related to local information of graph that simultaneously detects small compact anomalous subgraphs in the unknown graphs of large social networks. It also introduces a novell sampling algorithm based on compressive sensing to retrieve the sparse properties of static networks, which aims to improve the accuracy of anomaly detection while reducing the complexity of data sampling. The results of experimental experiments with artificial random and real datasets of social networks in comparison with the state-of-the-art methods showed that the proposed approach, in addition to having the accuracy of simultaneous detection of anomalous compact subgraphs, the computational complexity reduced from O(n^4 √(log⁡n )) to O(n^2) in the n node networks and is easily applicable in complex dynamic networks.

Since the detection of anomalies in dynamic social networks takes place in a sequence of graphs over time, in addition to the storage management challenge, the detection process is difficult due to the slow evolution of graphs. A number of graphs are selected in the specified time frame, and by examining the changes of these graphs, the possible anomalies are detected. Therefore, choosing the number of time points (graphs) in the sequence of graphs is an important challenge in the detection of anomalies. In this paper, a novel method is proposed to detect anomalies based on structural data extracted from dynamic social network graphs. By extracting the centrality indicators from the network graph and their normalized mean, the activity criterion for each individual has been defined. Over time, changes in the activity criterion for each individual are measured and marked as the possibility of normal or abnormal behavior. If the individual's behavior measure exceeds a certain threshold, it is reported as an anomaly. The results show that the   proposed method detects more anomalies with the accuracy and recall of 64.29 and 81.82 respectively, for the VAST 2008 data set. It also, detects more anomalies by selecting different number of time points in the graph sequence.

Software defined networks have attracted enormous attention because they simplify the process of setting up the     network. They have been able to leave behind in a short time, most of the technologies that were used in traditional networks by industrialists and researchers. The ease and efficiency are due to the separation of control and data planes from each other such that the control plane is a logically centralized controller and the data plane switches in as the flow table has been implemented. In these networks, network topology adjustment is done using a flow table that has special flow rules and network services, such as Qos, security and etc., which operate as programs on the network. Flow tables can be directly or indirectly changed by any of these services in the network. Although access to the table of current units simplifies network configurations, it could lead to anomalies between flow rules for separate modules. In addition to consuming too much switch memory, these anomalies can cause problems for network security and    applications. Fortunately, so far, some researches on the detection of anomalies in flow tables of software defined  networks has been done but this method is not only imposing a great deal of time and processing on the controller, in some cases only conflict resolution has been performed. In this paper we have shown how to speed up the detection algorithm and then tried to improve the speed of anomaly detection algorithm in the flow table of switches in the    software defined networks using different variables.

Anomaly detection is an important issue in a wide range of applications, such as security, health and intrusion detection in social networks. Most of the developed methods only use graph structural or content information to detect anomalies. Due to the integrated structure of many networks, such as social networks, applying these methods faces limitations and this has led to the development of hybrid methods. In this paper, a proposed hybrid method for anomaly detection is presented based on community detection in graph and feature selection which exploits anomalies as incompatible members in communities and uses an algorithm based on the detection and combination of similar communities. The experimental results of the proposed method on two datasets with real anomalies demonstrate its capability in the detection of anomalous nodes which is comparable to the latest scientific methods.

The use of social networks to communicate and share information has grown dramatically in recent years. These networks are nowadays used in most areas such as education, business, health and entertainment. The large amount of valuable information on social networks has made them the main target of malicious users, such as spammers and fraudsters, for carrying out abusive and illegal activities. The abnormal and unexpected behavior of these users is identified using anomaly detection methods. Detection of anomalies is important in preventing fraud, dissemination of counterfeit information and configuration of attacks in these networks.  Anomalies are static or dynamic, with or without attributes. In this paper, various methods developed for anomaly detection in social networks have been investigated and categorized and an overview provided on anomaly detection, its applications, existing challenges and key areas for future research.

Feature selection is one of the key challenges in developing intrusion detection systems. Classification algorithms in intrusion detection systems may be inconvenient for problems having so many features, because the size of the search space grows exponentially in terms of the number of features. This is while most of the features may be either irrelevant or redundant. Therefore, considering only relevant features (i.e. feature selection) may have a significant impact on the performance of the classification algorithms. The Imperialist Competitive Algorithm (ICA) can be used as a feature selection method with a high convergence, but it sometimes gets trapped in a local optimum. On the contrary, the Genetic Algorithm (GA) is powerful enough in terms of search for solutions, but it suffers from late convergence. Therefore, using a combination of both algorithms for feature selection may result in a rapid convergence as well as in a high precision. In this paper, by applying the Assimilate operator of the ICA to the GA, we propose a new feature selection algorithm for intrusion detection systems. The proposed algorithm has been tested on the KDD99 dataset using the decision tree classification. The experimental results show that the proposed algorithm has improved the detection rate (95.03%), false alarm rate (1.46) and the speed of convergence (3.82 second).

Anomaly detection refers to the problem of finding patterns in data that do not conform to expected behavior. Development of advanced anomaly detection and failure diagnosis technologies for satellite launch vehicle (SLV) is a quite significant issue in the aerospace industry, because the space environment is harsh, distant and uncertain.Current SLV health monitoring and fault diagnosis practices involve around-the-clock limit-checking or simple trend analysis using text or graphical displays on large amount of telemetry data. This procedure, which requires large numbers of human experts, is of course cumbersome and time-consuming. Furthermore, humans are not always able to recognize anomalous situations. In this paper, a systematic and transparent diagnostic methodology will be proposed and developed within intelligent anomaly detectioon framework for SLV health monitoring. Experimental results show that the proposed method is capable of characterizing and monitoring interactions between multiple spacecraft parameters and can provide additional insight and valuable decision support for controllers and engineers.