Publication
Evaluation of Machine Learning-based Anomaly Detection Algorithms on an Industrial Modbus/TCP Data Set
Simon Duque Antón; Suneetha Kanoor; Daniel Fraunholz; Hans Dieter Schotten
In: Proceedings of the 13th International Conference on Availability, Reliability and Security. International Conference on Availability, Reliability and Security (ARES-2018), August 27-30, Hamburg, Germany, Pages 1-9, No. 41, ISBN 978-1-4503-6448-5, ACM, New York, NY, USA, 2018.
Abstract
In the context of the Industrial Internet of Things, communication
technology, originally used in home and office environments, is
introduced into industrial applications. Commercial off-the-shelf
products, as well as unified and well-established communication
protocols make this technology easy to integrate and use. Furthermore,
productivity is increased in comparison to classic industrial
control by making systems easier to manage, set up and configure.
Unfortunately, most attack surfaces of home and office environments
are introduced into industrial applications as well, which
usually have very few security mechanisms in place. Over the last
years, several technologies tackling that issue have been researched.
In this work, machine learning-based anomaly detection algorithms
are employed to find malicious traffic in a synthetically generated
data set of Modbus/TCP communication of a fictitious industrial
scenario. The applied algorithms are Support Vector Machine (SVM),
Random Forest, k-nearest neighbour and k-means clustering. Due
to the synthetic data set, supervised learning is possible. Support
Vector Machine and k-nearest neighbour perform well with different
data sets, while k-nearest neighbour and k-means clustering do not
perform satisfactorily