Detecting Anomalies by using Self-Organizing Maps in Industrial Environments

Ricardo Hormann, Eric Fischer

2019

Abstract

Detecting anomalies caused by intruders is a big challenge in industrial environments due to the complex environmental interdependencies and proprietary fieldbus protocols. In this paper, we proposed a network-based method for detecting anomalies by using unsupervised artificial neural networks called Self-Organizing Maps (SOMs). Therefore, we published an algorithm which identifies clusters and cluster centroids in SOMs to gain knowledge about the underlying data structure. In the training phase we created two neural networks, one for clustering the network data and the other one for finding the cluster centroids. In the operating phase our approach is able to detect anomalies by comparing new data samples with the first trained SOM model. We used a confidence interval to decide if the sample is too far from its best matching unit. A novel additional confidence interval for the second SOM is proposed to minimize false positives which have been a major drawback of machine learning methods in anomaly detection. We implemented our approach in a robot cell and infiltrated the network like an intruder would do to evaluate our method. As a result, we significantly reduced the false positive rate to 0.07% using the second interval while providing an accuracy of 99% for the detection of network attacks.
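The following is an added example, not code from the paper or its authors. It covers only the first SOM's check from the abstract: train a map on normal traffic, then flag a sample whose distance to its best matching unit (BMU) falls outside a bound learned in training. The grid size, learning schedule, the two traffic features, and the bound `mean + z * std` are assumptions made for illustration.

```python
import math
import random

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def bmu(weights, sample):
    """Return (unit index, distance) of the best matching unit."""
    return min(((i, dist(w, sample)) for i, w in enumerate(weights)),
               key=lambda t: t[1])

def train_som(data, rows=4, cols=4, epochs=30, seed=7):
    """Online SOM training with a Gaussian neighbourhood that shrinks per epoch."""
    rng = random.Random(seed)
    weights = [list(rng.choice(data)) for _ in range(rows * cols)]
    for epoch in range(epochs):
        frac = 1.0 - epoch / epochs
        lr = 0.5 * frac + 0.01                    # assumed learning-rate schedule
        radius = max(rows, cols) / 2 * frac + 0.5  # assumed neighbourhood radius
        for sample in rng.sample(data, len(data)):
            wr, wc = divmod(bmu(weights, sample)[0], cols)
            for i, w in enumerate(weights):
                r, c = divmod(i, cols)
                h = math.exp(-((r - wr) ** 2 + (c - wc) ** 2) / (2 * radius ** 2))
                for k in range(len(w)):
                    w[k] += lr * h * (sample[k] - w[k])
    return weights

def fit_threshold(weights, data, z=3.0):
    """Upper bound on BMU distance seen in training (assumed form: mean + z*std)."""
    d = [bmu(weights, s)[1] for s in data]
    mean = sum(d) / len(d)
    std = math.sqrt(sum((x - mean) ** 2 for x in d) / len(d))
    return mean + z * std

def is_anomaly(weights, threshold, sample):
    return bmu(weights, sample)[1] > threshold

def make_normal(n=300, seed=1):
    # Constructed data: two operating modes of a cell, with hypothetical
    # features (packet rate, mean payload size) scaled to roughly [0, 1].
    rng = random.Random(seed)
    modes = [(0.2, 0.3), (0.7, 0.6)]
    picks = [rng.choice(modes) for _ in range(n)]
    return [[rng.gauss(m[0], 0.03), rng.gauss(m[1], 0.03)] for m in picks]

NORMAL = make_normal()
SOM = train_som(NORMAL)
THRESHOLD = fit_threshold(SOM, NORMAL)
```

Raising `z` widens the bound and trades missed detections for fewer false alarms on normal traffic.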


Paper Citation


in Harvard Style

Hormann R. and Fischer E. (2019). Detecting Anomalies by using Self-Organizing Maps in Industrial Environments. In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 336-344. DOI: 10.5220/0007364803360344


in Bibtex Style

@conference{icissp19,
author={Ricardo Hormann and Eric Fischer},
title={Detecting Anomalies by using Self-Organizing Maps in Industrial Environments},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2019},
pages={336-344},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007364803360344},
isbn={978-989-758-359-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Detecting Anomalies by using Self-Organizing Maps in Industrial Environments
SN - 978-989-758-359-9
AU - Hormann R.
AU - Fischer E.
PY - 2019
SP - 336
EP - 344
DO - 10.5220/0007364803360344