Anomaly Detection for User Action with Generative Adversarial Networks

A Method for Detecting Anomalous User Behavior Using Generative Adversarial Models

  • Choi, Nam woong (Department of Industrial Engineering, Yonsei University) ;
  • Kim, Wooju (Graduate School of Industrial Engineering, Yonsei University)
  • Received : 2019.06.04
  • Accepted : 2019.08.02
  • Published : 2019.09.30

Abstract

At one time, anomaly detection was dominated by methods that determined whether there was an abnormality based on statistics derived from specific data. This methodology was possible because the dimension of the data was simple in the past, so classical statistical methods could work effectively. However, as the characteristics of data have become more complex in the era of big data, it has become more difficult to accurately analyze and predict the data that occurs throughout industry in the conventional way. Therefore, supervised learning algorithms based on SVM and Decision Tree were used. However, a supervised learning model can accurately predict the test data only when the numbers of abnormal and normal classes are similar, and most of the data generated in industry has an unbalanced class distribution. Therefore, the predicted results are not always valid when a supervised learning model is applied. To overcome these drawbacks, many studies now use unsupervised learning models that are not influenced by class distribution, such as the autoencoder or generative adversarial networks. In this paper, we propose a method to detect anomalies using generative adversarial networks. AnoGAN, introduced in the study of Thomas et al. (2017), is a classification model that performs anomaly detection on medical images. It was composed of a Convolution Neural Net and was used in the field of detection. In contrast, anomaly detection for sequence data using generative adversarial networks has far fewer research papers than image data. Li et al. (2018) proposed a model based on LSTM, a type of recurrent neural network, to classify anomalies in numerical sequence data, but it has not been used for categorical sequence data, and neither has the feature matching method applied by Salimans et al. (2016).
This suggests that a number of studies remain to be tried in anomaly classification of sequence data with generative adversarial networks. To learn the sequence data, the generative adversarial network is built from LSTMs: the generator is a 2-layer stacked LSTM with a 32-dim hidden unit layer and a 64-dim hidden unit layer, and the discriminator uses an LSTM with a 64-dim hidden unit layer. Existing papers on anomaly detection for sequence data derive the anomaly score from the entropy of the probability that the data is real, but in this paper the anomaly score is derived with the feature matching technique. In addition, the process of optimizing latent variables was designed with LSTM to improve model performance. The modified generative adversarial model was more precise than the autoencoder in all experiments and was approximately 7% higher in accuracy. In terms of robustness, generative adversarial networks also performed better than the autoencoder: because generative adversarial networks learn the data distribution from real categorical sequence data, they are not affected by a single normal data sample, whereas the autoencoder is. The robustness test showed that the accuracy of the autoencoder was 92% and the accuracy of the generative adversarial network was 96%; in terms of sensitivity, the autoencoder scored 40% and the generative adversarial network 51%. Experiments were also conducted to show how much performance changes with differences in the optimization structure of the latent variables. As a result, sensitivity improved at the level of 1%. These results present a new perspective on latent variable optimization, which had been regarded as relatively insignificant.

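At one time, the anomaly detection field was dominated by methods that judged whether something was anomalous based on basic statistics derived from specific data. This methodology was possible because data used to be low-dimensional, so classical statistical methods could work effectively. However, as the properties of data have grown more complex in the era of big data, it has become difficult to accurately analyze and predict the data generated across industry in the conventional way. Models that incorporate machine learning methods, such as SVM and Decision Tree, therefore came into use. However, supervised learning models have the peculiarity that they can predict accurately at test time only when the numbers of anomalous and normal classes in the training data are similar, and because most data generated in industry has imbalanced labels, the predicted results always lack validity when a supervised model is applied. To overcome these drawbacks, anomaly detection models are now being built on unsupervised learning models that are not affected by class distribution, and are going through trial and error on the way to application in real industry. In line with this trend, this study proposes a method for detecting anomalies using generative adversarial networks. To learn sequence data, the generative adversarial network is built from LSTMs: the generator's LSTM has two layers with 32-dimensional and 64-dimensional hidden units respectively, and the discriminator's LSTM uses one layer with 64-dimensional hidden units. Existing papers on anomaly detection for sequence data use the entropy of the discriminator's probability that the data is real when deriving the anomaly score, but this paper derives the anomaly score with a function based on the feature matching technique instead. In addition, building the latent variable optimization process with LSTM improved model performance. The modified generative adversarial model had higher precision than the autoencoder in every experiment and was roughly 7% higher in accuracy.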
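The architecture and scoring idea from the abstract, as an added PyTorch sketch (not the authors' code): the LSTM sizes come from the abstract, while the sequence length, number of action types, latent size, output heads, and the squared-distance form of the feature-matching score are assumptions. An Adam search over z stands in for the paper's LSTM-based latent optimizer, which this page does not describe, and the weights are untrained, so score values are illustrative only.

```python
import torch
import torch.nn as nn
N_ACTIONS, SEQ_LEN, Z_DIM = 8, 10, 16  # assumed sizes, not given on the page

class Generator(nn.Module):  # two stacked LSTMs (32 then 64 hidden units), per the abstract
    def __init__(self):
        super().__init__()
        self.lstm1 = nn.LSTM(Z_DIM, 32, batch_first=True)
        self.lstm2 = nn.LSTM(32, 64, batch_first=True)
        self.out = nn.Linear(64, N_ACTIONS)           # assumed output head
    def forward(self, z):                             # z: (batch, SEQ_LEN, Z_DIM)
        h, _ = self.lstm1(z)
        h, _ = self.lstm2(h)
        return torch.softmax(self.out(h), dim=-1)     # per-step action distribution

class Discriminator(nn.Module):  # one LSTM layer with 64 hidden units, per the abstract
    def __init__(self):
        super().__init__()
        self.lstm = nn.LSTM(N_ACTIONS, 64, batch_first=True)
        self.head = nn.Linear(64, 1)                  # assumed real/fake head
    def features(self, x):                            # intermediate features f(x)
        h, _ = self.lstm(x)
        return h[:, -1]                               # last hidden state: (batch, 64)
    def forward(self, x):
        return torch.sigmoid(self.head(self.features(x)))

def one_hot_session(actions):
    # Encode SEQ_LEN action ids as a (1, SEQ_LEN, N_ACTIONS) float tensor.
    return nn.functional.one_hot(torch.tensor([actions]), N_ACTIONS).float()

def anomaly_score(x, G, D, steps=50, lr=0.05):
    """Return (initial, best) feature-matching distance per sample; best is the score."""
    for p in list(G.parameters()) + list(D.parameters()):
        p.requires_grad_(False)                       # scoring time: freezes G and D, only z moves
    z = torch.zeros(x.size(0), SEQ_LEN, Z_DIM, requires_grad=True)
    opt = torch.optim.Adam([z], lr=lr)
    target = D.features(x)
    history = []
    for _ in range(steps + 1):
        loss = ((D.features(G(z)) - target) ** 2).sum(dim=1)  # ||f(x) - f(G(z))||^2
        history.append(loss.detach())
        opt.zero_grad()
        loss.sum().backward()
        opt.step()
    history = torch.stack(history)                    # (steps + 1, batch)
    return history[0], history.min(dim=0).values

if __name__ == "__main__":  # constructed session of 10 action ids, untrained weights
    print(anomaly_score(one_hot_session([0, 1, 1, 2, 3, 1, 2, 4, 5, 7]), Generator(), Discriminator()))
```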

References

  1. Sun, B., P. B. Luh, Q. S. Jia, Z. O'Neill, and F. Song, "Building energy doctors: An spc and kalman filter-based method for system-level fault detection in hvac systems", IEEE Transactions on Automation Science and Engineering, Vol.11, No.1, (2014), 215-229. https://doi.org/10.1109/TASE.2012.2226155
  2. Du, Z., B. Fan, X. Jin and J. Chi, "Fault detection and diagnosis for buildings and hvac systems using combined neural networks and subtractive clustering analysis", Building and Environment, Vol.73, (2014), 1-11. https://doi.org/10.1016/j.buildenv.2013.11.021
  3. Koturwar, P., D. Mukhopadhyay and S. Girase, A survey of classification techniques in the area of big data, Department of Information Technology Maharashtra Institute of Technology, 2014, Available at https://arxiv.org/abs/1503.07477 (Downloaded 10 June, 2019)
  4. Pimentel, A.F M., D. A. Clifton, L. Clifton and L. Tarassenko, "A review of novelty detection", Signal Processing, Vol.99, (2014), 215-249 https://doi.org/10.1016/j.sigpro.2013.12.026
  5. Ye, N., S. Vilbert and Q. Chen, "Computer intrusion detection through ewma for autocorrelated and uncorrelated data", IEEE Transactions on Reliability, Vol.52, No.1, (2003).
  6. He, X., Z. Wang, Y. Liu, and D. H. Zhou, "Least-squares fault detection and diagnosis for networked sensing systems using a direct state estimation approach", IEEE Transactions on Industrial Informatics, Vol.9, No.3, (2013), 1670-1679. https://doi.org/10.1109/TII.2013.2251891
  7. Ye, N. and Q. Chen, "An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems", Quality and Reliability Engineering International, Vol.17, No.2, (2001), 105-112. https://doi.org/10.1002/qre.392
  8. Dai, X. and Z. Gao, "From model, signal to knowledge: A data-driven perspective of fault detection and diagnosis", IEEE Transactions on Industrial Informatics, Vol. 9, No. 4, (2013), 2226-2238. https://doi.org/10.1109/TII.2013.2243743
  9. Goh, J., S. Adepu, M. Tan and Z. S. Lee, Anomaly Detection in cyber physical systems using recurrent neural networks, IEEE, Singapore, 2017.
  10. Esteban, C., S. L. Hyland and G. Ratsch, Real-valued (medical) time series generation with recurrent conditional gans, Tri-Institutional Training Program in Computational Biology and Medicine Weill Cornell Medical, 2017. Available at https://arxiv.org/abs/1706.02633 (Downloaded 13 June, 2019)
  11. Zenati, H., C. S. Foo, B. Lecouat, G. Manek and V. R. Chandrasekhar, Efficient gan-based anomaly detection, ICDM, 2018. Available at https://arxiv.org/abs/1802.06222 (Downloaded 1 May 2019)
  12. Goodfellow, I. J., J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville and Y. Bengio, "Generative adversarial nets", Advances in neural information processing systems, Vol. ACM, (2014)
  13. Salimans, T., I. Goodfellow, W. Zaremba, V. Cheung, A. Radford, and X. Chen, "Improved techniques for training gans", In Advances in Neural Information Processing Systems, Vol.29, (2016), 2226-2234.
  14. Hinton, G. E. and R. R. Salakhutdinov, "Reducing the dimensionality of Data with Neural Network", Science, Vol.313, No. 5786, (2006), 504-507. https://doi.org/10.1126/science.1127647
  15. Frank, J., Artificial intelligence and intrusion detection: Current and future directions, Division of Computer Science, University of California, 1994. Available at https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.42.5769&rank=1
  16. Iwan, S., A. Prugel-Bennett and G. Wills, Networked digital Technologies, Springer, Dubai, 2012.
  17. Deecke, L., R. Vandermeulen, L. Ruff, S. Mandt and M. Kloft, Anomaly Detection with Generative Adversarial Networks, 2018. Available at https://openreview.net/forum?id=S1EfylZ0Z (Downloaded 13 June 2019)
  18. Sakurada, M. and T. Yairi, Anomaly detection using autoencoders with nonlinear dimensionality reduction, Machine Learning for Sensory Data Analysis, Dunedin, 2014.
  19. Li, D., D. Chen, J. Goh and S-K. Ng, Streams and Heterogeneous Source Mining: Algorithms, Systems, Programming Models and Applications, DBLP, London, 2018.
  20. Schlegl, T., P. Seebock, S. M. Waldstein, U. Schmidt and G. Langs, Computer vision and pattern Recognition, IPMI, North Carolina, 2017.