Açık Akademik Arşiv Sistemi

Analysis of Machine Learning Methods in EtherCAT-Based Anomaly Detection

Show simple item record

dc.contributor.authors Akpinar, KO; Ozcelik, I;
dc.date.accessioned 2020-10-16T10:23:15Z
dc.date.available 2020-10-16T10:23:15Z
dc.date.issued 2019
dc.identifier.citation Akpinar, KO; Ozcelik, I; (2019). Analysis of Machine Learning Methods in EtherCAT-Based Anomaly Detection. IEEE ACCESS, 7, 184374-184365
dc.identifier.issn 2169-3536
dc.identifier.uri https://doi.org/10.1109/ACCESS.2019.2960497
dc.identifier.uri https://hdl.handle.net/20.500.12619/69619
dc.description.abstract Today, the use of Ethernet-based protocols in industrial control systems (ICS) communications has led to the emergence of attacks based on information technology (IT) on supervisory control and data acquisition systems. In addition, the familiarity of Ethernet and TCP/IP protocols and the diversity and success of attacks on them raises security risks and cyber threats for ICS. This issue is compounded by the absence of encryption, authorization, and authentication mechanisms due to the development of industrial communications protocols only for performance purposes. Recent zero-day attacks, such as Triton, Stuxnet, Havex, Dragonfly, and Blackenergy, as well as the Ukraine cyber-attack, are possible because of the vulnerabilities of the systems; these attacksare carried by the protocols used in communication between PLC and I/O units or HMI and engineering stations. It is evident that there is a need for robust solutions that detect and prevent protocol-based cyber threats. In this paper, machine learning methods are evaluated for anomaly detection, particularly for EtherCAT-based ICS. To the best of the authors knowledge, there has been no research focusing on machine learning algorithms for anomaly detection of EtherCAT. Before testing anomaly detection, an EtherCAT-based water level control system testbed was developed. Then, a total of 16 events were generated in four categories and applied on the testbed. The dataset created was used for anomaly detection. The results showed that the k-nearest neighbors (k-NN) and support vector machine with genetic algorithm (SVM GA) models perform best among the 18 techniques applied. In addition to detecting anomalies, the methods are able to flag the attack types better than other techniques and are applicable in EtherCAT networks. Also, the dataset and events can be used for further studies since it is difficult to obtain data for ICS due to its critical infrastructure and continuous real-time operation.
dc.language English
dc.publisher IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
dc.rights info:eu-repo/semantics/openAccess
dc.rights.uri http://creativecommons.org/licenses/by/4.0/
dc.subject Telecommunications
dc.title Analysis of Machine Learning Methods in EtherCAT-Based Anomaly Detection
dc.type Article
dc.identifier.volume 7
dc.identifier.startpage 184365
dc.identifier.endpage 184374
dc.contributor.department Sakarya Üniversitesi/Bilgisayar Ve Bilişim Bilimleri Fakültesi/Bilgisayar Mühendisliği Bölümü
dc.contributor.saüauthor Ovaz Akpınar, Kevser
dc.contributor.saüauthor Özçelik, İbrahim
dc.relation.journal IEEE ACCESS
dc.identifier.wos WOS:000505565500012
dc.identifier.doi 10.1109/ACCESS.2019.2960497
dc.contributor.author Ovaz Akpınar, Kevser
dc.contributor.author Özçelik, İbrahim


Files in this item

This item appears in the following Collection(s)

Show simple item record

info:eu-repo/semantics/openAccess Except where otherwise noted, this item's license is described as info:eu-repo/semantics/openAccess