A Pvalue-guided Anomaly Detection Approach Combining Multiple Heterogeneous Log Parser Algorithms on IIoT Systems

TL;DR

This paper introduces a novel pvalue-guided anomaly detection method for IIoT systems that combines multiple log parsers and uses blockchain for log integrity, effectively identifying abnormal events in real-world logs.

Contribution

It proposes a new anomaly detection approach that integrates multiple heterogeneous log parsers with pvalues and blockchain, enhancing detection accuracy and log security in IIoT.

Findings

Effective recognition of abnormal events in real-world logs

Improved detection accuracy over existing methods

Blockchain ensures tamper-proof log data

Abstract

Industrial Internet of Things (IIoT) is becoming an attack target of advanced persistent threat (APT). Currently, IIoT logs have not been effectively used for anomaly detection. In this paper, we use blockchain to prevent logs from being tampered with and propose a pvalue-guided anomaly detection approach. This approach uses statistical pvalues to combine multiple heterogeneous log parser algorithms. The weighted edit distance is selected as a score function to calculate the nonconformity score between a log and a predefined event. The pvalue is calculated based on the non-conformity scores which indicate how well a log matches an event. This approach is tested on a large number of real-world HDFS logs and IIoT logs. The experiment results show that abnormal events could be effectively recognized by our pvalue-guided approach.