Abstract

Intrusion detection, driven by anomaly detection approaches, plays a crucial role in securing the IIoT. Unlike static data, intrusion detection data arrives as a dynamic data stream with the properties of infiniteness, correlations, and data distribution change. However, these properties cause problems for current anomaly detection approaches. First, it is impractical to save the whole dataset because of the infiniteness. Second, the correlations are rarely considered. Third, data distribution change cannot be handled appropriately because model update and change detection strategies are lacking. Thus, we propose ASTREAM (anomaly detection in data streams), a novel anomaly detection approach that merges sliding window, model update, and change detection strategies into LSHiForest to achieve accurate and efficient anomaly detection with better scalability. ASTREAM has the following characteristics: (a) the sliding window handles the infiniteness of data streams; (b) the introduced PCA accounts for the correlations between different attributes; (c) change detection and model update detect data distribution change in time and train the new model. Comprehensive experiments on the KDDCUP99 dataset validate ASTREAM's performance. The results show that ASTREAM outperforms the baselines in accuracy and efficiency and has better scalability.
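The interplay of sliding window, change detection and model update described above, as an added sketch that is not ASTREAM's code or the authors' algorithm. Assumptions: a single numeric feature, a median/MAD scorer standing in for LSHiForest, no PCA step, and a change signalled when the flagged share of the window exceeds `drift_rate`; every name and the sample stream are hypothetical.

```python
from collections import deque
from statistics import median

class StreamDetector:
    """Sliding window + change detection + model update around a stand-in scorer."""

    def __init__(self, window=8, score_limit=6.0, drift_rate=0.5):
        self.window = deque(maxlen=window)  # bounded memory for an unbounded stream
        self.score_limit = score_limit      # robust z-score above which a point is anomalous
        self.drift_rate = drift_rate        # flagged share of the window that signals a change
        self.model = None                   # (centre, spread) of the training window
        self.updates = 0

    def _fit(self):
        # Median/MAD follow the majority of the window, so a window that is mostly
        # post-change data yields a model of the new regime.
        centre = median(self.window)
        spread = median(abs(v - centre) for v in self.window) or 1.0
        self.model = (centre, spread)
        self.updates += 1

    def _is_outlier(self, v):
        centre, spread = self.model
        return abs(v - centre) / spread > self.score_limit

    def process(self, x):
        """Score one record; return True if it is flagged as anomalous."""
        self.window.append(x)
        if self.model is None:              # warm-up: train once the first window is full
            if len(self.window) == self.window.maxlen:
                self._fit()
            return False
        flagged = self._is_outlier(x)
        rate = sum(map(self._is_outlier, self.window)) / len(self.window)
        if rate > self.drift_rate:          # change detected: retrain on the current window
            self._fit()
        return flagged

def run(stream, **params):
    det = StreamDetector(**params)
    return [i for i, x in enumerate(stream) if det.process(x)], det

# Constructed sample: connections per second, one spike, a regime shift, another spike.
STREAM = ([9, 10, 11, 10] * 2 + [9, 10, 40, 11, 10, 9, 10, 11]
          + [49, 50, 51, 50] * 2 + [50, 120, 49])

if __name__ == "__main__":
    print("adaptive:", run(STREAM)[0])
    print("static:  ", run(STREAM, drift_rate=1.0)[0])
```

With `drift_rate=1.0` the model is never updated, so every record after the regime shift is flagged; with the default, the false alerts stop once the change is detected and the later spike is still caught.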
