Versatile unsupervised anomaly detection method for RTE-based networks

Bibliographic Details
Published in Expert systems with applications Vol. 206; p. 117751
Main Authors Sestito, Guilherme Serpa, Turcato, Afonso Celso, Dias, Andre Luis, Ferrari, Paolo, da Silva, Maíra Martins
Format Journal Article
Language English
Published Elsevier Ltd 15.11.2022
Summary: Reliability and dependability are critical demands of the fourth industrial revolution that Real-time Ethernet (RTE) networks have to meet. The use of anomaly detection and prevention techniques can further enhance existing RTE networks. This work presents a general and efficient anomaly detection strategy based on machine learning techniques. The proposal is general-purpose since only normal (i.e., not anomalous) traffic data and statistical features are used during the training phase of the classifier. These features are derived from data sets extracted from unsupervised traffic data using a sliding window algorithm. The efficiency of the proposal depends on the proper selection of the sliding window algorithm’s parameters. In this work, an optimization strategy appropriately selects the algorithm’s step and window size. An Adapted Correlation based on Feature Selection indicates the most relevant features, reducing the data dimensionality and improving classifier performance and efficiency. Finally, a One-Class Support Vector Machine algorithm is trained and used for classifying the traffic data sets. The authors applied the proposed anomaly detection strategy to real network data (PROFINET and Ethernet/IP networks). The results demonstrate the proposal’s efficiency and accuracy.

• An anomaly detection method for RTE-based networks using One-Class SVM is proposed.
• The use of only statistical data features guarantees the generality of the proposal.
• The proposal’s performance is verified using PROFINET and Ethernet/IP traffic data.
• The use of optimal values enhances the performance of the proposal.
ISSN: 0957-4174, 1873-6793
DOI: 10.1016/j.eswa.2022.117751