A Comparative Study of Statistical and Neural Network Models for PLC Network Traffic Anomaly Detection

Abstract

Protection of systems and computer networks against novel, unknown attacks is currently an intensively examined and developed domain. One of possible solutions to the problem is detection and classification of abnormal behaviors reflected in the analyzed network traffic. In the presented article we attempt to resolve the problem by anomaly detection in the analyzed network traffic described with the use of three different models. We tested two class of models which differed in prediction. The first sorts was composed of ARFIMA and Holt-Winters models which are characterized by statistical dependences. The second sorts, on the other hand, included neural network auto-regression model which are characterized by single hidden layer and lagged inputs for forecasting univariate time series. In order to detect anomalies in the network traffic we used differences between real network traffic and its estimated model. The experiment results confirmed efficiency and effectiveness of the presented method.