A Pvalue-guided Anomaly Detection Approach Combining Multiple Heterogeneous Log Parser Algorithms on IIoT Systems
This paper addresses security for IIoT systems vulnerable to advanced persistent threats, though it appears incremental, as it builds on existing log parsing and anomaly detection methods.
The paper tackles anomaly detection in Industrial Internet of Things (IIoT) systems by proposing a p-value-guided approach that combines multiple heterogeneous log parser algorithms, using blockchain to prevent log tampering. It demonstrates effectiveness on real-world HDFS and IIoT logs, showing abnormal events can be recognized.
The Industrial Internet of Things (IIoT) is becoming an attack target of advanced persistent threats (APTs). Currently, IIoT logs have not been effectively used for anomaly detection. In this paper, we use blockchain to prevent logs from being tampered with and propose a p-value-guided anomaly detection approach. This approach uses statistical p-values to combine multiple heterogeneous log parser algorithms. The weighted edit distance is selected as a score function to calculate the nonconformity score between a log and a predefined event. The p-value is calculated from the nonconformity scores, which indicate how well a log matches an event. This approach is tested on a large number of real-world HDFS logs and IIoT logs. The experimental results show that abnormal events can be effectively recognized by our p-value-guided approach.
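As an added illustration (not the paper's code) of the scoring step the abstract describes: a weighted edit distance between a log's tokens and an event template gives the nonconformity score, and a conformal p-value of that score over calibration logs of the same event tells how well the log fits. The template, token weights, calibration logs and the 0.2 threshold are constructed assumptions; the paper's exact weighting and its rule for combining several parsers are not given on the page.

```python
# Added example (not the paper's code): weighted token edit distance as the
# nonconformity score between a log and an event template, and a conformal
# p-value of that score against calibration logs of the same event.
from typing import List

# Constructed event template; "<*>" marks a variable field that matches any token.
TEMPLATE = "Receiving block <*> src: <*> dest: <*>".split()

# Constructed calibration set: logs known to be normal instances of the event.
CALIBRATION_LOGS = [
    "Receiving block blk_1 src: /10.0.0.1:50010 dest: /10.0.0.2:50010",
    "Receiving block blk_2 src: /10.0.0.3:50010 dest: /10.0.0.4:50010",
    "Receiving block blk_3 src: /10.0.0.5:50010 dest: /10.0.0.6:50010 extra",
    "Receiving blocks blk_4 src: /10.0.0.7:50010 dest: /10.0.0.8:50010",
]

def token_cost(a: str, b: str) -> float:
    """Assumed substitution weight: wildcard or equal token costs 0.0, else 1.0."""
    return 0.0 if a == b or a == "<*>" or b == "<*>" else 1.0

def weighted_edit_distance(log_tokens: List[str], template: List[str]) -> float:
    """Token-level Levenshtein distance; insert/delete cost 1.0 (assumed),
    substitution cost taken from token_cost."""
    n, m = len(log_tokens), len(template)
    # First row/column hold the pure insert/delete cost; the rest is filled below.
    d = [[float(i + j) if i == 0 or j == 0 else 0.0 for j in range(m + 1)]
         for i in range(n + 1)]
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            d[i][j] = min(d[i - 1][j] + 1.0,            # delete a log token
                          d[i][j - 1] + 1.0,            # insert a template token
                          d[i - 1][j - 1] + token_cost(log_tokens[i - 1], template[j - 1]))
    return d[n][m]

def nonconformity(log: str, template: List[str] = TEMPLATE) -> float:
    return weighted_edit_distance(log.split(), template)

def p_value(score: float, calibration_scores: List[float]) -> float:
    """Conformal p-value: share of calibration scores at least as large as the
    candidate's (candidate counted in); a small p-value means a poor fit."""
    worse = sum(1 for s in calibration_scores if s >= score)
    return (worse + 1) / (len(calibration_scores) + 1)

def matches_event(log: str, alpha: float = 0.2) -> bool:
    """Accept the log as an instance of the event unless its p-value is at most alpha."""
    cal = [nonconformity(entry) for entry in CALIBRATION_LOGS]
    return p_value(nonconformity(log), cal) > alpha
```

A log whose best template is rejected by every parser's event set this way is the kind of unmatched record the approach flags as abnormal.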