Unsupervised Real-Time Communication Traffic Anomaly Detection for Multi-Dimensional Industrial Networks

Bibliographic Details
Published in: IEEE transactions on industrial cyber-physical systems Vol. 3; pp. 228 - 240
Main Authors: Hao, Weijie, Zhang, Zebang, Wang, Xuan, Yang, Qiang, Liu, Bo, Wang, Wenhai, Yang, Tao, Ye, Peng
Format: Journal Article
Language: English
Published: IEEE 2025
ISSN: 2832-7004
Description
Summary: Security risks exist in various dimensions of Industrial Cyber-Physical Systems (ICPS), and network traffic analysis is widely regarded as the most promising approach for mitigating sophisticated threats. This paper proposes an unsupervised anomaly detection method for multidimensional industrial network traffic. The feature engineering scheme for multidimensional industrial network traffic is specifically designed based on connection behavior characteristics, temporal features and statistical features. The deep autoencoder Gaussian mixture model (DAGMM) is employed and fine-tuned accordingly to generate normal behavior patterns with high-dimensional, large-scale traffic data considering the real-time response of the detection system. The proposed solution is extensively verified based on real network traffic data collected in the industrial control system (ICS) testbed. Numerical results confirm the effectiveness of the proposed model in modeling both statistical and mixed features of network traffic. The superiority in abnormal behavior identification and detection response is demonstrated compared to other models using a practical real-time framework.
DOI: 10.1109/TICPS.2024.3524185