A Method for Anomalies Detection in Real-Time Ethernet Data Traffic Applied to PROFINET

There are major discussions about the vulnerability of protocols based on real-time Ethernet (RTE) and techniques for detecting anomalies. Thus, this work proposes a methodology for detecting anomalies by optimizing the data extraction and by classifying traffic-related features. In order to cope wi...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on industrial informatics 2018-05, Vol.14 (5), p.2171-2180
Main Authors: Sestito, Guilherme Serpa, Turcato, Afonso Celso, Dias, Andre Luis, Rocha, Murilo Silveira, da Silva, Maira Martins, Ferrari, Paolo, Brandao, Dennis
Format: Article
Language:English
Subjects:
Anomalies
Anomaly detection
Artificial neural network (ANN)
Artificial neural networks
Classification algorithms
Classifiers
Ethernet
Feature extraction
feature selection
Methodology
Neural networks
Optimization
PROFINET
Protocol (computers)
ranking feature
Real time
Real-time systems
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:There are major discussions about the vulnerability of protocols based on real-time Ethernet (RTE) and techniques for detecting anomalies. Thus, this work proposes a methodology for detecting anomalies by optimizing the data extraction and by classifying traffic-related features. In order to cope with this proposal, an artificial neural network (ANN)-based classifier is trained using selected relevant features. These features are extracted using variable sized sliding window and selected according to their correlation with the other features and the expected output of the classifier. The number of relevant features can vary according to performance indicators of the classifier. The proposed methodology was exploited for identifying four different events of PROFINET networks. The performance of the ANN-based classifier was considered successful for all cases. This outcome suggests that the proposed methodology may be successful for anomalies detection in any PROFINET network. However, the application of the proposed methodology to other RTE protocol is foreseen.
ISSN:1551-3203
1941-0050
DOI:10.1109/TII.2017.2772082