Anomaly Detection and Objective Security Evaluation Using Autoencoder, Isolation Forest, and Multi-Criteria Decision Methods
Abstract
1. Introduction
2. Related Work
3. Methodology
3.1. Autoencoder
3.2. Isolation Forest
- When initially constructing an Isolation Tree (ITree), m samples are uniformly drawn from n groups of sampled data to form a subsample.
- Within the subsample, a feature dimension is randomly selected. A value k is then randomly chosen within the range of this feature’s values (between the minimum and maximum). The samples are categorized into two groups based on this value: those with values less than k are allocated to the left branch, while those with values no less than k are placed in the right branch.
- The process in Step 2 is then repeated on the newly generated left and right data subsets. The splitting continues until either the data can no longer be divided or the number of splits reaches , at which point the splitting operation stops.
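The three construction steps above, as an added example (not code from the paper or its authors). It goes beyond the listed steps by also averaging path lengths over many trees into the anomaly score defined in the original Isolation Forest paper (Liu, Ting and Zhou, 2008). Assumptions: the height limit, whose value is missing from the step above, is taken as ceil(log2 m) as in that paper; all function names and the two-feature sensor readings are constructed for illustration.

```python
import math
import random

def build_itree(rows, depth, max_depth, rng):
    """One ITree node: random feature, random split value k, recurse on both sides."""
    if depth >= max_depth or len(rows) <= 1:
        return {"size": len(rows)}               # external node
    f = rng.randrange(len(rows[0]))              # randomly selected feature dimension
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:                                 # simplification: stop if this feature cannot split
        return {"size": len(rows)}
    k = rng.uniform(lo, hi)                      # k between the feature's min and max
    left = [r for r in rows if r[f] < k]         # values less than k go left
    right = [r for r in rows if r[f] >= k]       # values no less than k go right
    return {"f": f, "k": k,
            "left": build_itree(left, depth + 1, max_depth, rng),
            "right": build_itree(right, depth + 1, max_depth, rng)}

def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup over n points."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n

def path_length(x, node, depth=0):
    if "size" in node:                           # unsplit remainder adds its expected depth
        return depth + c(node["size"])
    child = node["left"] if x[node["f"]] < node["k"] else node["right"]
    return path_length(x, child, depth + 1)

def build_forest(data, n_trees=100, m=64, seed=7):
    rng = random.Random(seed)
    m = min(m, len(data))                        # step 1: subsample of m out of n rows
    max_depth = math.ceil(math.log2(m))          # assumed height limit (Liu et al.)
    return [build_itree(rng.sample(data, m), 0, max_depth, rng) for _ in range(n_trees)], m

def anomaly_score(x, forest, m):
    mean_path = sum(path_length(x, t) for t in forest) / len(forest)
    return 2.0 ** (-mean_path / c(m))            # near 1: anomalous; 0.5 or below: normal

def demo():
    rng = random.Random(0)                       # constructed readings, not the paper's dataset
    normal = [(rng.gauss(500.0, 5.0), rng.gauss(2.5, 0.05)) for _ in range(256)]
    spoofed = (800.0, 0.1)                       # constructed out-of-range reading
    forest, m = build_forest(normal + [spoofed])
    mean_normal = sum(anomaly_score(p, forest, m) for p in normal) / len(normal)
    return mean_normal, anomaly_score(spoofed, forest, m)
```

Calling `demo()` returns the mean score of the normal readings and the score of the out-of-range reading; the latter is isolated in far fewer splits and therefore scores higher.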
3.3. TOPSIS
4. Results
4.1. Anomaly Detection
4.2. Evaluation Methods
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Zhang, H.; Zhang, H. Anomaly Detection and Objective Security Evaluation Using Autoencoder, Isolation Forest, and Multi-Criteria Decision Methods. Sensors 2025, 25, 6250. https://doi.org/10.3390/s25196250