Experiment-based detection of service disruption attacks in optical networks using data analytics and unsupervised learning
Paper i proceeding, 2019

The paper addresses the detection of malicious attacks targeting service disruption at the optical layer as a key prerequisite for fast and effective attack response and network recovery. We experimentally demonstrate the effects of signal insertion attacks with varying intensity in a real-life scenario. By applying data analytics tools, we analyze the properties of the obtained dataset to determine how the relationships among different optical performance monitoring (OPM) parameters of the signal change in the presence of an attack as opposed to the normal operating conditions. In addition, we evaluate the performance of an unsupervised learning technique, i.e., a clustering algorithm for anomaly detection, which can detect attacks as anomalies without prior knowledge of the attacks. We demonstrate the potential and the challenges of unsupervised learning for attack detection, propose guidelines for attack signature identification needed for the detection of the considered attack methods, and discuss remaining challenges related to optical network security.

unsupervised learning

data analytics

dataset exploration

Optical network security

anomaly de- tection.


Marija Furdek Prekratic

Chalmers, Elektroteknik, Kommunikations- och antennsystem, Optiska nätverk

Carlos Natalino Da Silva

Chalmers, Elektroteknik, Kommunikations- och antennsystem, Optiska nätverk

Marco Schiano

Andrea Di Giglio

Metro and Data Center Optical Networks and Short-Reach Links II; 109460D

0277-786x (ISSN) 1996-756x (eISSN)

Vol. 10946

San Francisco, USA,


Informations- och kommunikationsteknik



Datavetenskap (datalogi)




Mer information