Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression

Hubert Schölnast; Paul Tavolato; Philipp Kreimel

doi:10.5220/0008964104980505

Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression

Hubert Schölnast, Paul Tavolato, Philipp Kreimel

2020

Abstract

Anomaly detection in operational communication data of cyber-physical systems is an important part of any monitoring activity in such systems. This paper suggests a new method of anomaly detection named crossover data compression (CDC). The method belongs to the group of information theoretic approaches and is based on the notion of Kullback-Leibler Divergence. Data blocks are compressed by a Sequitur-like algorithm and the resulting grammars describing the compression are applied cross-over to the all the other data blocks. Divergences are calculated from the length of the different compressions and the mean values of these divergences are used to classify the data in normal and anomalous. The paper describes the method in detail and shows the results derived from a real-world example (communication data from a substation).

Download

Paper Citation

in Harvard Style

Schölnast H., Tavolato P. and Kreimel P. (2020). Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression . In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 498-505. DOI: 10.5220/0008964104980505

in Bibtex Style

@conference{icissp20,
author={Hubert Schölnast and Paul Tavolato and Philipp Kreimel},
title={Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression },
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={498-505},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008964104980505},
isbn={978-989-758-399-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Anomaly Detection in Communication Networks of Cyber-physical Systems using Cross-over Data Compression
SN - 978-989-758-399-5
AU - Schölnast H.
AU - Tavolato P.
AU - Kreimel P.
PY - 2020
SP - 498
EP - 505
DO - 10.5220/0008964104980505