A general optimization-based approach to the detection of real-time Ethernet traffic events

• Published in: Computers in industry Vol. 128; p. 103413
• Main Authors: Sestito, Guilherme Serpa, Turcato, Afonso Celso, Dias, Andre Luis, Ferrari, Paolo, Spatti, Danilo Hernane, da Silva, Maíra Martins
• Format: Journal Article
• Language: English
• Published: Elsevier B.V 01.06.2021
• Subjects: Anomaly detection; Differential evolution; Ethernet/IP; PROFINET; SERCOS III; Ethernet/IP; Differential evolution; SERCOS III; PROFINET; Anomaly detection
• ISSN: 0166-3615; 1872-6194
• DOI: 10.1016/j.compind.2021.103413

[Display omitted] •Proposal of a general anomaly detection strategy for real-time automation networks.•Proposal is ready to be integrated into smart manufacturing systems.•Optimal feature extraction and selection related to RTE networks traffic.•Application of machine learning techniques to classify anomalous events.•Real data from three protocols: PROFINET, Ethernet/IP and SERCOS III. One of the most used technologies in industrial automation is industrial Ethernet. RTE protocols can cope with the requirements of the Industry 4.0 frameworks. However, the broader use of industrial Ethernet also generates discussion about its vulnerabilities. In this sense, this work proposes anomaly detection methods. These methods are usually time-consuming and limited in scope since they are derived for addressing a single protocol. Thus, this work proposes a general and accurate anomaly detection technique suitable for any protocol based on RTE. ANN-based and SVM-based classifiers are used for classifying data traffic events based on the most relevant features extracted from data sets. An optimal sliding window approach is used for extracting these data sets, which improves the accuracy of the proposal. Seven different classifiers are investigated. Firstly, a Perceptron Neural Network is applied for verifying if the data sets are linearly separable. If this first classifier is unable to reach the required accuracy, three ANN-based classifiers with different activation functions and three SVM-based classifiers with different kernels are employed. The use of several classifiers not only improves the accuracy but also eliminates the need for advanced knowledge about communication dynamics. The generality and accuracy of the proposal are evaluated for detecting traffic events using real traffic data of a real automotive plant. PROFINET, Ethernet/IP, and SERCOS III networks have been analyzed, showing that some traffic events can be classified using the Perceptron while others require the use of more complex classifiers achieving accuracy greater than 98%.