IntruMine: Mining intruders in untrustworthy data of cyber-physical systems

Lu An Tang; Quanquan Gu; Xiao Yu; Jiawei Han; Thomas La Porta; Alice Leung; Tarek Abdelzaher; Lance Kaplan

doi:10.1137/1.9781611972825.52

IntruMine: Mining intruders in untrustworthy data of cyber-physical systems

Lu An Tang, Quanquan Gu, Xiao Yu, Jiawei Han, Thomas La Porta, Alice Leung, Tarek Abdelzaher, Lance Kaplan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that re- sponds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, en- vironment monitoring and battlefield surveillance. This study investigates the specific problem of intruder min- ing in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitor- ing graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized ap- proach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain con- ditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and e±ciency than existing methods.

Original language	English (US)
Title of host publication	Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012
Publisher	Society for Industrial and Applied Mathematics Publications
Pages	600-611
Number of pages	12
ISBN (Print)	9781611972320
DOIs	https://doi.org/10.1137/1.9781611972825.52
State	Published - 2012
Event	12th SIAM International Conference on Data Mining, SDM 2012 - Anaheim, CA, United States Duration: Apr 26 2012 → Apr 28 2012

Publication series

Name	Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

Other

Other	12th SIAM International Conference on Data Mining, SDM 2012
Country/Territory	United States
City	Anaheim, CA
Period	4/26/12 → 4/28/12

ASJC Scopus subject areas

Computer Science Applications

Online availability

10.1137/1.9781611972825.52

Library availability

Discover UIUC Full Text

Cite this

Tang, L. A., Gu, Q., Yu, X., Han, J., La Porta, T., Leung, A., Abdelzaher, T., & Kaplan, L. (2012). IntruMine: Mining intruders in untrustworthy data of cyber-physical systems. In Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012 (pp. 600-611). (Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012). Society for Industrial and Applied Mathematics Publications. https://doi.org/10.1137/1.9781611972825.52

IntruMine: Mining intruders in untrustworthy data of cyber-physical systems. / Tang, Lu An; Gu, Quanquan; Yu, Xiao et al.
Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012. Society for Industrial and Applied Mathematics Publications, 2012. p. 600-611 (Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Tang, LA, Gu, Q, Yu, X, Han, J, La Porta, T, Leung, A, Abdelzaher, T & Kaplan, L 2012, IntruMine: Mining intruders in untrustworthy data of cyber-physical systems. in Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012. Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012, Society for Industrial and Applied Mathematics Publications, pp. 600-611, 12th SIAM International Conference on Data Mining, SDM 2012, Anaheim, CA, United States, 4/26/12. https://doi.org/10.1137/1.9781611972825.52

Tang LA, Gu Q, Yu X, Han J, La Porta T, Leung A et al. IntruMine: Mining intruders in untrustworthy data of cyber-physical systems. In Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012. Society for Industrial and Applied Mathematics Publications. 2012. p. 600-611. (Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012). doi: 10.1137/1.9781611972825.52

@inproceedings{1e43801be7b443f9987b2696d099f8e2,

title = "IntruMine: Mining intruders in untrustworthy data of cyber-physical systems",

abstract = "A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that re- sponds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, en- vironment monitoring and battlefield surveillance. This study investigates the specific problem of intruder min- ing in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitor- ing graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized ap- proach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain con- ditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and e±ciency than existing methods.",

author = "Tang, {Lu An} and Quanquan Gu and Xiao Yu and Jiawei Han and {La Porta}, Thomas and Alice Leung and Tarek Abdelzaher and Lance Kaplan",

year = "2012",

doi = "10.1137/1.9781611972825.52",

language = "English (US)",

isbn = "9781611972320",

series = "Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012",

publisher = "Society for Industrial and Applied Mathematics Publications",

pages = "600--611",

booktitle = "Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012",

address = "United States",

note = "12th SIAM International Conference on Data Mining, SDM 2012 ; Conference date: 26-04-2012 Through 28-04-2012",

}

TY - GEN

T1 - IntruMine

T2 - 12th SIAM International Conference on Data Mining, SDM 2012

AU - Tang, Lu An

AU - Gu, Quanquan

AU - Yu, Xiao

AU - Han, Jiawei

AU - La Porta, Thomas

AU - Leung, Alice

AU - Abdelzaher, Tarek

AU - Kaplan, Lance

PY - 2012

Y1 - 2012

N2 - A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that re- sponds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, en- vironment monitoring and battlefield surveillance. This study investigates the specific problem of intruder min- ing in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitor- ing graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized ap- proach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain con- ditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and e±ciency than existing methods.

AB - A Cyber-Physical System (CPS) integrates physical (i.e., sensor) devices with cyber (i.e., informational) components to form a situation-aware system that re- sponds intelligently to dynamic changes in real-world. It has wide application to scenarios of traffic control, en- vironment monitoring and battlefield surveillance. This study investigates the specific problem of intruder min- ing in CPS: With a large number of sensors deployed in a designated area, the task is real time detection of intruders who enter the area, based on untrustworthy data. We propose a method called IntruMine to detect and verify the intruders. IntruMine constructs monitor- ing graphs to model the relationships between sensors and possible intruders, and computes the position and energy of each intruder with the link information from these monitoring graphs. Finally, a confidence rating is calculated for each potential detection, reducing false positives in the results. IntruMine is a generalized ap- proach. Two classical methods of intruder detection can be seen as special cases of IntruMine under certain con- ditions. We conduct extensive experiments to evaluate the performance of IntruMine on both synthetic and real datasets and the experimental results show that IntruMine has better effectiveness and e±ciency than existing methods.

UR - http://www.scopus.com/inward/record.url?scp=84862271526&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84862271526&partnerID=8YFLogxK

U2 - 10.1137/1.9781611972825.52

DO - 10.1137/1.9781611972825.52

M3 - Conference contribution

AN - SCOPUS:84862271526

SN - 9781611972320

T3 - Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

SP - 600

EP - 611

BT - Proceedings of the 12th SIAM International Conference on Data Mining, SDM 2012

PB - Society for Industrial and Applied Mathematics Publications

Y2 - 26 April 2012 through 28 April 2012

ER -

IntruMine: Mining intruders in untrustworthy data of cyber-physical systems

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this