Gryphon: a semi-supervised anomaly detection system based on one-class evolving spiking neural network

  • Emerging Trends of Applied Neural Computation - E_TRAINCO
  • Neural Computing and Applications

Abstract

The backbone of the economy, security and sustainability of a state is inseparably linked to the security of its critical infrastructure. Critical infrastructures are the goods, systems or subsystems that are essential to maintaining the vital functions of society, health, physical protection, security, and the economic and social well-being of citizens. The digital security of critical infrastructures is a very important priority for the well-being of every country, especially nowadays, because of the direct threats dictated by the current international conjuncture and because of the emerging interactions or interconnections developing between national critical infrastructures internationally. The aim of this research is the development and testing of an intelligent anomaly detection algorithm that has the advantage of running very fast on a small portion of the available data while performing as well as existing approaches. Such a system must be characterized by high efficiency and very fast execution. Thus, we present the Gryphon advanced intelligence system. Gryphon is a Semi-Supervised Unary Anomaly Detection System for big industrial data that employs an evolving Spiking Neural Network (eSNN) One-Class Classifier (eSNN-OCC). This machine learning algorithm corresponds to a model capable of detecting, very quickly and efficiently, divergent behaviors and abnormalities associated with cyberattacks known as Advanced Persistent Threats (APT). The training process is performed on data related to the normal function of a critical infrastructure.

Author information

Corresponding author

Correspondence to Konstantinos Demertzis.

Ethics declarations

Conflict of interest

The authors certify that they have NO affiliations with or involvement in any organization or entity with any financial interest (such as honoraria; educational grants; participation in speakers’ bureaus; membership, employment, consultancies, stock ownership, or other equity interest; and expert testimony or patent-licensing arrangements), or non-financial interest (such as personal or professional relationships, affiliations, knowledge or beliefs) in the subject matter or materials discussed in this manuscript.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Demertzis, K., Iliadis, L. & Bougoudis, I. Gryphon: a semi-supervised anomaly detection system based on one-class evolving spiking neural network. Neural Comput & Applic 32, 4303–4314 (2020). https://doi.org/10.1007/s00521-019-04363-x

  • DOI: https://doi.org/10.1007/s00521-019-04363-x
