Anomaly detection for multivariate time series in IoT using discrete wavelet decomposition and dual graph attention networks

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-08-24 DOI:10.1016/j.cose.2024.104075

Shujiang Xie , Lian Li , Yian Zhu

{"title":"Anomaly detection for multivariate time series in IoT using discrete wavelet decomposition and dual graph attention networks","authors":"Shujiang Xie , Lian Li , Yian Zhu","doi":"10.1016/j.cose.2024.104075","DOIUrl":null,"url":null,"abstract":"<div><p>Effective anomaly detection in multivariate time series data is critical to ensuring the security of Internet of Things (IoT) devices and systems. However, building a high precision and low false positive rate anomaly detection model for the complex and volatile IoT environment is a challenging task. This is often due to issues such as a lack of anomaly labeling, high data volatility, and the complexity of device mechanisms. Traditional machine learning algorithms and sequence models frequently fail to account for feature correlation and temporal dependency in anomaly detection. Although deep learning-based anomaly detection methods have progressed, there is still room for improvement in precision, recall, and generalization ability. In this paper, we propose an anomaly detection model called Meta-MWDG to address these issues. The model is based on a multi-scale discrete wavelet decomposition and a dual graph attention network, which can effectively extract feature correlation and temporal dependency in multivariate time series data. Additionally, model-agnostic meta-learning (MAML) is introduced to improve the model’s generalization performance, enabling it to perform well on new tasks even with a few samples. A gated recurrent unit (GRU) is combined with a multi-head self-attention network to output both prediction and reconstruction results in a joint optimization strategy, improving the precision of anomaly detection. Extensive experimental studies demonstrate that Meta-MWDG outperforms the state-of-the-art methods in anomaly detection.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003808","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Effective anomaly detection in multivariate time series data is critical to ensuring the security of Internet of Things (IoT) devices and systems. However, building a high precision and low false positive rate anomaly detection model for the complex and volatile IoT environment is a challenging task. This is often due to issues such as a lack of anomaly labeling, high data volatility, and the complexity of device mechanisms. Traditional machine learning algorithms and sequence models frequently fail to account for feature correlation and temporal dependency in anomaly detection. Although deep learning-based anomaly detection methods have progressed, there is still room for improvement in precision, recall, and generalization ability. In this paper, we propose an anomaly detection model called Meta-MWDG to address these issues. The model is based on a multi-scale discrete wavelet decomposition and a dual graph attention network, which can effectively extract feature correlation and temporal dependency in multivariate time series data. Additionally, model-agnostic meta-learning (MAML) is introduced to improve the model’s generalization performance, enabling it to perform well on new tasks even with a few samples. A gated recurrent unit (GRU) is combined with a multi-head self-attention network to output both prediction and reconstruction results in a joint optimization strategy, improving the precision of anomaly detection. Extensive experimental studies demonstrate that Meta-MWDG outperforms the state-of-the-art methods in anomaly detection.

查看原文本刊更多论文

利用离散小波分解和双图注意网络进行物联网多变量时间序列异常检测

在多变量时间序列数据中进行有效的异常检测对于确保物联网（IoT）设备和系统的安全至关重要。然而，为复杂多变的物联网环境建立高精度、低误报率的异常检测模型是一项极具挑战性的任务。这通常是由于缺乏异常标记、数据波动性大以及设备机制复杂等问题造成的。传统的机器学习算法和序列模型经常无法在异常检测中考虑特征相关性和时间依赖性。虽然基于深度学习的异常检测方法取得了进展，但在精度、召回率和泛化能力方面仍有改进空间。本文提出了一种名为 Meta-MWDG 的异常检测模型来解决这些问题。该模型基于多尺度离散小波分解和双图注意力网络，能有效提取多变量时间序列数据中的特征相关性和时间依赖性。此外，为了提高模型的泛化性能，该模型还引入了与模型无关的元学习（MAML），使其即使在样本很少的情况下也能在新任务中表现出色。门控递归单元（GRU）与多头自注意网络相结合，以联合优化策略输出预测和重建结果，提高了异常检测的精度。广泛的实验研究表明，Meta-MWDG 在异常检测方面优于最先进的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.