Severity-Oriented Multiclass Drone Flight Logs Anomaly Detection

Swardiantara Silalahi, Tohari Ahmad*, Hudan Studiawan, Eirini Anthi, Lowri Williams

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

The availability of log data recorded by computer-based systems, such as operating system and network logs, makes it possible for stakeholders to observe the system for monitoring, evaluation, and improvement purposes. If an incident happens to the system, the log is the first and most important artefact to recover so that investigations may be performed to understand why the incident occurred. Log-based anomaly detection is one of the common approaches to uncovering incident scenarios and finding the root cause of such incidents. In the context of drone flight, incidents reported in logs include errors during take-off, flight range issues, and cancellations of actions. Existing studies employ sequence anomaly detection to check whether an event during a drone flight is anomalous. This approach needs several preceding events to decide whether the following event is legitimate or malicious. However, a single log record can have no relationship to other log events and be malicious at the same time. Thus, several studies explored point anomaly detection, where one log record is the only feature needed. Dividing the anomalies into two categories can be overwhelming, as the number of logs generated by a system is large. At the same time, it can be helpful to separate critical anomalies from the less severe ones. Therefore, this study proposes DroLoVe, a severity-oriented multiclass anomaly detection approach for drone flight log data. In accordance with the dataset characteristics, where the samples from different severity levels share common features, this paper employs a multitask-based label vector representation to train deep neural network models. After extensive experiments on several baselines, the proposed scenario outperforms other models from existing studies with promising results. The proposed label representation improves the prediction confidence score across various encoder types by 8.6% and 1.8% on average in the focal and cross-entropy scenarios, respectively.

Original language: English
Pages (from-to): 64252-64266
Number of pages: 15
Journal: IEEE Access
Volume: 12
Publication status: Published - 2024

Keywords

  • Anomaly detection
  • digital forensics
  • drone forensics
  • information security
  • multitask learning
  • transformer encoder
