Anomaly Detection in Industrial Networks: Current State, Classification, and Key Challenges

Abstract

Industrial networks, due to communication convergence, face a growing exposure to cyber threats, necessitating the need to address a wider range of threats, alongside their detectability and classification. As critical components designed with a strong emphasis on availability, industrial networks require precise classification of anomalies, encompassing not just cyber anomalies but also operational and service disruptions. This paper provides an analysis of these anomalies, categorizing them into three groups based on their impact. The key contribution of this study lies in the strategic distribution of data sources across the Operational Technology (OT) network, facilitating the collection of relevant data for application in Machine Learning (ML) or Neural Network (NN) models. A comprehensive review of current anomaly processing techniques in industrial networks is presented, identifying significant research challenges to advance artificial intelligence methods for anomaly classification in OT environments. Additionally, this work examines common statistical methods for anomaly detection and offers a comparative analysis of prevalent ML and NN techniques.Industrial networks, due to communication convergence, face a growing exposure to cyber threats, necessitating the need to address a wider range of threats, alongside their detectability and classification. As critical components designed with a strong emphasis on availability, industrial networks require precise classification of anomalies, encompassing not just cyber anomalies but also operational and service disruptions. This paper provides an analysis of these anomalies, categorizing them into three groups based on their impact. The key contribution of this study lies in the strategic distribution of data sources across the Operational Technology (OT) network, facilitating the collection of relevant data for application in Machine Learning (ML) or Neural Network (NN) models. A comprehensive review of current anomaly processing techniques in industrial networks is presented, identifying significant research challenges to advance artificial intelligence methods for anomaly classification in OT environments. Additionally, this work examines common statistical methods for anomaly detection and offers a comparative analysis of prevalent ML and NN techniques.