IntruMine: Mining intruders in untrustworthy data of cyber-physical systems

Lu An Tang, Quanquan Gu, Xiao Yu, Jiawei Han, Thomas F. La Porta, Alice Leung, Tarek Abdelzaher, Lance Kaplan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that responds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, environment monitoring and battlefield surveillance. This study investigates the specific problem of intruder mining in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitoring graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized approach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain conditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and efficiency than existing methods.

Original language: English (US)
Title of host publication: Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012
Pages: 600-611
Number of pages: 12
State: Published - Dec 1 2012
Event: 12th SIAM International Conference on Data Mining, SDM 2012 - Anaheim, CA, United States
Duration: Apr 26 2012 - Apr 28 2012

Publication series

Name: Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

Other

Other: 12th SIAM International Conference on Data Mining, SDM 2012
Country: United States
City: Anaheim, CA
Period: 4/26/12 - 4/28/12

Fingerprint

Monitoring
Sensors
Traffic control
Cyber Physical System
Experiments

All Science Journal Classification (ASJC) codes

  • Computer Science Applications

Cite this

Tang, L. A., Gu, Q., Yu, X., Han, J., La Porta, T. F., Leung, A., ... Kaplan, L. (2012). IntruMine: Mining intruders in untrustworthy data of cyber-physical systems. In Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012 (pp. 600-611). (Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012).
@inproceedings{051f82443f1048d895d2468b7ca94d79,
title = "IntruMine: Mining intruders in untrustworthy data of cyber-physical systems",
author = "Tang, {Lu An} and Quanquan Gu and Xiao Yu and Jiawei Han and {La Porta}, {Thomas F.} and Alice Leung and Tarek Abdelzaher and Lance Kaplan",
year = "2012",
month = "12",
day = "1",
language = "English (US)",
isbn = "9781611972320",
series = "Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012",
pages = "600--611",
booktitle = "Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012",

}

TY - GEN

T1 - IntruMine

T2 - Mining intruders in untrustworthy data of cyber-physical systems

AU - Tang, Lu An

AU - Gu, Quanquan

AU - Yu, Xiao

AU - Han, Jiawei

AU - La Porta, Thomas F.

AU - Leung, Alice

AU - Abdelzaher, Tarek

AU - Kaplan, Lance

PY - 2012/12/1

Y1 - 2012/12/1

UR - http://www.scopus.com/inward/record.url?scp=84862271526&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84862271526&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84862271526

SN - 9781611972320

T3 - Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

SP - 600

EP - 611

BT - Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

ER -
