A Method for Anomalies Detection in Real-Time Ethernet Data Traffic Applied to PROFINET

The vulnerability of protocols based on real-time Ethernet (RTE), and techniques for detecting anomalies in them, are the subject of considerable discussion. This work proposes a methodology for detecting anomalies by optimizing data extraction and by classifying traffic-related features. To this end, an artificial neural network (ANN)-based classifier is trained using selected relevant features. These features are extracted using a variable-sized sliding window and selected according to their correlation with the other features and with the expected output of the classifier. The number of relevant features can vary according to performance indicators of the classifier. The proposed methodology was applied to identify four different events in PROFINET networks. The performance of the ANN-based classifier was considered successful in all cases. This outcome suggests that the proposed methodology may be successful for anomaly detection in any PROFINET network. Application of the proposed methodology to other RTE protocols is also foreseen.
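The extraction and selection steps described above can be sketched as follows. This is an added example, not code from the paper: the trace is constructed, and the feature names, the use of Pearson correlation and the two thresholds are assumptions. The ANN training stage is left out.

```python
# Added illustration: all traffic below is constructed, not a PROFINET capture.
from statistics import mean, pstdev

def make_trace():
    """Constructed (time_us, frame_len, is_anomalous) records: a 2 ms cyclic frame
    for 40 ms; from 20 ms on, an extra 128-byte frame follows each cyclic frame."""
    trace = []
    for t in range(0, 40000, 2000):
        trace.append((t, 64, 0))
        if t >= 20000:
            trace.append((t + 500, 128, 1))
    return trace

def window_features(trace, width_us, step_us, span_us=40000):
    """Slide a window of configurable width over the trace; one feature row per window."""
    rows, labels = [], []
    for start in range(0, span_us - width_us + 1, step_us):
        pkts = [p for p in trace if start <= p[0] < start + width_us]
        if not pkts:
            continue  # empty window: nothing to measure
        times = [p[0] for p in pkts]
        gaps = [b - a for a, b in zip(times, times[1:])] or [0]  # single frame: no gap
        lens = [p[1] for p in pkts]
        rows.append({"count": len(pkts), "mean_gap": mean(gaps), "std_gap": pstdev(gaps),
                     "mean_len": mean(lens), "min_len": min(lens)})
        labels.append(max(p[2] for p in pkts))  # window is anomalous if any frame is
    return rows, labels

def pearson(a, b):
    ma, mb = mean(a), mean(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0  # constant column: no signal

def select_features(rows, labels, min_rel=0.5, max_red=0.95):
    """Keep features correlated with the label; drop those redundant with a kept one.
    min_rel and max_red are assumed thresholds, not values from the paper."""
    cols = {name: [r[name] for r in rows] for name in rows[0]}
    rel = {name: abs(pearson(col, labels)) for name, col in cols.items()}
    kept = []
    for name in sorted(rel, key=rel.get, reverse=True):  # most relevant first
        if rel[name] < min_rel:
            continue
        if all(abs(pearson(cols[name], cols[k])) <= max_red for k in kept):
            kept.append(name)
    return kept, rel

if __name__ == "__main__":
    for width in (4000, 8000):  # the window size is the tunable parameter
        rows, labels = window_features(make_trace(), width, 2000)
        print(width, select_features(rows, labels)[0])
```

In practice the thresholds and window width would be tuned against the classifier's performance indicators, which is how the abstract says the number of relevant features is determined.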
