Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/13/2019
02:30 PM
Rosaria Silipo
Rosaria Silipo
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

IoT Anomaly Detection 101: Data Science to Predict the Unexpected

Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.

Data science and artificial intelligence (AI) techniques have been applied successfully for a number of years to predict or detect all kinds of events in very different domains, including:

If you run a quick web search on "machine learning use cases," you will find pages and pages of links to documents describing machine learning (ML) algorithms to detect or predict some kind of event group in some kind of data domain.

Generally, the key to a successful machine learning-based application is a sufficiently general training set. The ML model, during training, should have a sufficient number of available examples to learn about each event group. This is one of the key points to any data science project: the availability of a sufficiently large number of event examples to train the algorithm.

Applying Machine Learning to IoT Event Prediction
Can security teams apply a machine learning algorithm to predict or recognize deterioration of mechanical pieces, or to detect cybersecurity breaches? The answer is, yes! Data science techniques have already been successfully utilized in the field of IoT and cybersecurity. For example, a classic usage of machine learning in IoT is demand prediction. How many customers will visit the restaurant this evening? How many cartons of milk will be sold? How much energy will be consumed tomorrow? Knowing the numbers in advance allows for better planning.

Healthcare is another very common usage of data science in IoT. There are many sports fitness applications and devices to monitor our vital signs, making available an abundance of data available in near real time that can be studied and used to assess a person's health condition.

Another common case study in IoT is predictive maintenance. The capability to predict if and when a mechanical piece will need maintenance leads to an optimum maintenance schedule and extends the lifespan of the machinery until its last breath. Considering that many machinery pieces are quite sophisticated and expensive, this is not a small advantage. This approach works well if a data set is available — and even better if the data set has been labeled. Labeled data means that each vector of numbers describing an event has been preassigned to a given class of events.

Anomaly Discovery: Looking for the Unexpected
A special branch of data science, however, is dedicated to discovering anomalies. What is an anomaly? An anomaly is an extremely rare episode, hard to assign to a specific class, and hard to predict. It is an unexpected event, unclassifiable with current knowledge. It's one of the hardest use cases to crack in data science because:

  • The current knowledge is not enough to define a class.
  • More often than not, no examples are available in the data to describe the anomaly.

So, the problem of anomaly detection can be easily summarized as looking for an unexpected, abnormal event of which we know nothing and of which we have no data examples. As hopeless as this may seem, it is not an uncommon use case.

  • Fraudulent transactions, for example, rarely happen and often occur in an unexpected modality.
  • Expensive mechanical pieces in IoT will break at some point without much indication on how they will break.
  • A new arrhythmic heart beat with an unrecognizable shape sometimes shows up in ECG tracks.
  • A cybersecurity threat might appear and not be easily recognized because it has never been seen before.

In these cases, the classic data science approach, based on a set of labeled data examples, cannot be applied. The solution to this problem is a twist on the usual algorithm learning from examples.

Anomaly Detection in IoT


Anomaly detection problems do not offer a classic training set with labeled examples for classes: a signal from a normally functioning system and a signal from a system with an analogy. In this case, we can only train a machine learning model on a training set with 'normal' examples and use a distance measure between the original signal and the predicted signal to trigger an anomaly alarm.
Anomaly detection problems do not offer a classic training set with labeled examples for classes: a signal from a normally functioning system and a signal from a system with an analogy. In this case, we can only train a machine learning model on a training set with "normal" examples and use a distance measure between the original signal and the predicted signal to trigger an anomaly alarm.


In IoT data, signal time series are produced by sensors strategically located on or around a mechanical component. A time series is the sequence of values of a variable over time. In this case, the variable describes a mechanical property of the object, and it is measured via one or more sensors.

Usually, the mechanical piece is working correctly. As a consequence, we have tons of examples for the piece working in normal conditions and close to zero examples for the piece failure. This is especially true if the piece plays a critical role in a mechanical chain because it is usually retired before any failure happens and compromises the whole machinery.

In IoT, a critical problem is to predict the chance of a mechanical failure before it actually happens. In this way, we can use the mechanical piece throughout its entire life cycle without endangering the other pieces in the mechanical chain. This task of predicting possible signs of mechanical failure is called anomaly detection in predictive maintenance.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Rosaria Silipo, Ph.D., principal data scientist at KNIME, is the author of 50+ technical publications, including her most recent book "Practicing Data Science: A Collection of Case Studies". She holds a doctorate degree in bio-engineering and has spent more than 25 years ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
prawalikasiri
50%
50%
prawalikasiri,
User Rank: Apprentice
5/1/2019 | 6:08:22 AM
Data Science Training In Hyderabad
very useful information about data science. 
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.