{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:43:26Z","timestamp":1760175806979,"version":"build-2065373602"},"reference-count":23,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2020,2,15]],"date-time":"2020-02-15T00:00:00Z","timestamp":1581724800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100010880","name":"State Grid Corporation of China","doi-asserted-by":"publisher","award":["PDB 17201800158"],"award-info":[{"award-number":["PDB 17201800158"]}],"id":[{"id":"10.13039\/501100010880","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The development and integration of information technology and industrial control networks have expanded the magnitude of new data; detecting anomalies or discovering other valid information from them is of vital importance to the stable operation of industrial control systems. This paper proposes an incremental unsupervised anomaly detection method that can quickly analyze and process large-scale real-time data. Our evaluation on the Secure Water Treatment dataset shows that the method is converging to its offline counterpart for infinitely growing data streams.<\/jats:p>","DOI":"10.3390\/info11020105","type":"journal-article","created":{"date-parts":[[2020,2,18]],"date-time":"2020-02-18T10:10:25Z","timestamp":1582020625000},"page":"105","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Unsupervised Anomaly Detection for Network Data Streams in Industrial Control Systems"],"prefix":"10.3390","volume":"11","author":[{"given":"Limengwei","family":"Liu","sequence":"first","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"given":"Modi","family":"Hu","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]},{"given":"Chaoqun","family":"Kang","sequence":"additional","affiliation":[{"name":"China Electric Power Research Institute, Haidian District, Beijing 100192, China"}]},{"given":"Xiaoyong","family":"Li","sequence":"additional","affiliation":[{"name":"Key Laboratory of Trustworthy Distributed Computing and Service, Beijing University of Posts and Telecommunications, Beijing 100876, China"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,15]]},"reference":[{"key":"ref_1","unstructured":"Lee, J., Bagheri, B., and Kao, H.A. (2014, January 27\u201330). Recent advances and trends of cyber-physical systems and big data analytics in industrial informatics. Proceedings of the IEEE 12th International Conference on Industrial Informatics (INDIN), Porto Alegre, Brazil."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Babcock, B., Babu, S., Datar, M., Motwani, R., and Widom, J. (2002, January 3\u20135). Models and Issues in Data Stream Systems. Proceedings of the Twenty-first ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems, Madison, WI, USA.","DOI":"10.1145\/543613.543615"},{"key":"ref_3","first-page":"6","article-title":"Research on the application of the data stream technology in grid automation","volume":"35","author":"Zhao","year":"2011","journal-title":"Power Syst. Technol."},{"key":"ref_4","first-page":"1","article-title":"Adaptive data acquisition strategies for energy-efficient, smartphone-based, continuous processing of sensor streams","volume":"31","author":"Lim","year":"2012","journal-title":"Distrib. Parallel Databases"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Jardine, W., Frey, S., Green, B., and Rashid, A. (2016, January 30). SENAMI: Selective non-invasive active monitoring for ICS intrusion detection. Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, Xi\u2019an, China.","DOI":"10.1145\/2994487.2994496"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Aggarwal, E., Karimibiuki, M., Pattabiraman, K., and Ivanov, A. (2018, January 26). CORGIDS: A correlation-based generic intrusion detection system. Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, Beijing, China.","DOI":"10.1145\/3264888.3264893"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"195","DOI":"10.1016\/j.cie.2010.10.008","article-title":"Increasing availability of industrial systems through data stream mining","volume":"60","author":"Alzghoul","year":"2011","journal-title":"Comput. Ind. Eng."},{"key":"ref_8","first-page":"339","article-title":"Hoeffding tree algorithms for anomaly detection in streaming datasets: A survey","volume":"8","author":"Muallem","year":"2017","journal-title":"J. Inf. Secur."},{"key":"ref_9","unstructured":"Saffari, A., Leistner, C., Santner, J., Godec, M., and Bischof, H. (October, January 27). On-line random forests. Proceedings of the IEEE 12th International Conference on Computer Vision Workshops, ICCV Workshops, Kyoto, Japan, Kyoto, Japan."},{"key":"ref_10","unstructured":"Tan, S.C., Kai, M.T., and Fei, T.L. (2011, January 16\u201322). Fast Anomaly Detection for Streaming Data. Proceedings of the 22nd International Joint Conference on Artificial Intelligence, Barcelona, Spain."},{"key":"ref_11","first-page":"463","article-title":"A review on ensembles for the class imbalance problem: Bagging-, boosting-, and hybrid-based approaches","volume":"42","author":"Galar","year":"2011","journal-title":"IEEE Trans. Syst."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Barbosa, R.R.R., Sadre, R., and Pras, A. (2012, January 17\u201321). Towards periodicity based anomaly detection in SCADA networks. Proceedings of the 2012 IEEE 17th International Conference on Emerging Technologies & Factory Automation (ETFA 2012), Krakow, Poland.","DOI":"10.1109\/ETFA.2012.6489745"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1109\/TDSC.2015.2443793","article-title":"Industrial control system network intrusion detection by telemetry analysis","volume":"13","author":"Ponomarev","year":"2015","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Kiss, I., Genge, B., Haller, P., and Sebesty\u00e9n, G. (2014, January 4\u20136). Data clustering-based anomaly detection in industrial control systems. Proceedings of the 2014 IEEE 10th International Conference on Intelligent Computer Communication and Processing (ICCP), Cluj-Napoca, Romania.","DOI":"10.1109\/ICCP.2014.6937009"},{"key":"ref_15","first-page":"18","article-title":"Stream Processing Method and Condition Monitoring Anomaly Detection for Big Data in Smart Grid","volume":"2016","author":"WANG","year":"2016","journal-title":"Autom. Electr. Power Syst."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"70","DOI":"10.1016\/j.ssci.2019.04.047","article-title":"Anomaly detection method for sensor network data streams based on sliding window sampling and optimized clustering","volume":"118","author":"Lin","year":"2019","journal-title":"Saf. Sci."},{"key":"ref_17","first-page":"1216","article-title":"Research on intrusion detection based on incremental GHSOM","volume":"37","author":"Yang","year":"2014","journal-title":"Chin. J. comput."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/776985.776986","article-title":"Issues in data stream management","volume":"32","author":"Golab","year":"2003","journal-title":"ACM Sigmod Rec."},{"key":"ref_19","unstructured":"Knuth, D.E. (1988). Sorting and Searching, Art of Computer Programming, Addison Wesley Longman Publishing Co.. [2nd ed.]."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Liu, F.T., Kai, M.T., and Zhou, Z.H. (2008, January 15\u201319). Isolation Forest. Proceedings of the 2008 Eighth IEEE International Conference on Data Mining, Pisa, Italy.","DOI":"10.1109\/ICDM.2008.17"},{"key":"ref_21","first-page":"1447","article-title":"An Approach of Data Anomaly Detection in Power Dispatching Streaming Data Based on Isolation Forest Algorithm","volume":"43","author":"LI","year":"2019","journal-title":"Power Syst. Technol."},{"key":"ref_22","unstructured":"Goh, J., Adepu, S., Junejo, K.N., and Mathur, A. (2016, January 10\u201312). A Dataset to Support Research in the Design of Secure Water Treatment Systems. Proceedings of the 11th International Conference on Critical Information Infrastructures Security, Paris, France."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Schneider, P., and B\u00f6ttinger, K. (2018, January 19). High-Performance Unsupervised Anomaly Detection for Cyber-Physical System Networks. Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy, Toronto, ON, Canada.","DOI":"10.1145\/3264888.3264890"}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/2\/105\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:58:11Z","timestamp":1760173091000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/11\/2\/105"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,15]]},"references-count":23,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["info11020105"],"URL":"https:\/\/doi.org\/10.3390\/info11020105","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2020,2,15]]}}}