查看文章

Modern Internet of Things networks combine many devices and sensors that transmit and process large amounts of data. Security tools identify security events that contain information about detected system or network states. In turn, high-performance data anomaly detection methods are required to ensure stability and reliability of work processes. Information about the correlation of identified security events can be used to detect and explain deviations from normal states. This study proposes an anomaly detection approach based on the causal correlation of security events using machine learning. The proposed approach does not require prior knowledge of event scenarios. Using cluster analysis and a convolutional recurrent neural network, we construct a security state correlation graph corresponding to the normal behavior of the system. Cluster analysis determines the similarity of events to each other. A …