Behavior-Based Anomaly Detection in Log Data of Physical Access Control Systems

Florian Skopik, Markus Wurzenberger, Georg Höld, Max Landauer, Walter Kuhn

Publication: Contribution to journal, Article, Peer-reviewed


Behavior-based anomaly detection (AD) approaches for enterprise-IT security are not easily applicable to other domains, such as embedded devices and IoT nodes in cyber-physical systems. AD approaches are usually highly optimized for specific purposes, tightly bound to domain-specific technologies, and rely on a specific syntax of the investigated data. Data from cyber-physical systems is, however, highly diverse, often poorly documented, and not easily ingested for automated analysis. AECID provides an anomaly detection approach that monitors unstructured textual event data (i.e., log data) and implements self-learning for autonomous operation. A parser generator establishes a model of normal system behavior on top of observed events, which can then be leveraged to detect anomalies as deviations from that baseline. The unsupervised anomaly detection approaches of AECID apply machine learning techniques to perform sequence analysis, correlation analysis, and statistical tests on events represented in log data. This paper discusses AECID's applicability in a building security system use case. A proof of concept demonstrates the effective detection of anomalies in log data of a building access control system stemming from card misuse, including stolen access cards and cloned cards.
Pages (from - to): 1-18
Journal: IEEE Transactions on Dependable and Secure Computing (TDSC)
Publication status: Published - 2022

Research Field

  • Cyber Security

