Versatile unsupervised anomaly detection method for RTE-based networks
Reliability and dependability are critical demands of the fourth industrial revolution that Real-time Ethernet (RTE) networks have to meet. The use of anomaly detection and prevention techniques can further enhance existing RTE networks. This work presents a general and efficient anomaly detection s...
Saved in:
Published in | Expert systems with applications Vol. 206; p. 117751 |
---|---|
Main Authors | , , , , |
Format | Journal Article |
Language | English |
Published |
Elsevier Ltd
15.11.2022
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Reliability and dependability are critical demands of the fourth industrial revolution that Real-time Ethernet (RTE) networks have to meet. The use of anomaly detection and prevention techniques can further enhance existing RTE networks. This work presents a general and efficient anomaly detection strategy based on machine learning techniques. The proposal is of general purpose since only normal (i.e not anomalous) traffic data and statistical features are used during the training phase of the classifier. These features are derived from data sets extracted from unsupervised traffic data using a sliding window algorithm. The efficiency of the proposal depends on the proper selection of the sliding window algorithm’ parameters. In this work, an optimization strategy appropriately selects the algorithm’s step and window size. An Adapted Correlation based on Feature Selection indicates the most relevant features reducing the data dimensionality, improving classifier performance and efficiency. Finally, a One-Class Support Vector Machine algorithm is trained and used for classifying the traffic data sets. The authors applied the proposed anomaly detection strategy in real network data (PROFINET and Ethernet/IP Networks). The results demonstrate the proposal’s efficiency and accuracy.
•An Anomaly detection method for RTE-based networks using One-Class SVM is proposed.•The use of only statistical data features guarantees the generality of the proposal.•The proposal’s performance is verified using PROFINET and Ethernet/IP traffic data.•The use of optimal values enhances the performance of the proposal. |
---|---|
ISSN: | 0957-4174 1873-6793 |
DOI: | 10.1016/j.eswa.2022.117751 |