Towards Safer Industrial Serial Networks: An Expert System Framework for Anomaly Detection

Cyber security is a topic of increasing relevance in relation to industrial networks. The higher intensity and intelligent use of data pushed by smart technology (Industry 4.0) together with an augmented integration between the operational technology (production) and the information technology (business) parts of the network have considerably raised the level of vulnerabilities. On the other hand, many industrial facilities still use serial networks as underlying communication system, and they are notoriously limited from a cyber security perspective since protection mechanisms available for TSR/IR communication do not apply. Therefore, an attacker gaining access to a serial network can easily control the industrial components, potentially causing catastrophic incidents, jeopardizing assets and human lives. This study proposes a framework to act as an anomaly detection system (ADS) for industrial serial networks. It has three ingredients: an unsupervised K-means component to analyse message content, a knowledge-based Expert System component to analyse message metadata, and a voting process to generate alerts for security incidents, anomalous states, and faults. The framework was evaluated using the Proflbus-DP, a network simulator which implements a serial bus system. Results for the simulated traffic were promising: 99.90% for accuracy, 99,64% for precision, and 99.28% for F1-Score. They indicate feasibility of the framework applied to serial-based industrial networks.