For Publishers
DiscoveryMetadataPeer reviewHostingPublishing
For Researchers
JoinPublishReviewCollect
Register
Blog
About
Search
Advanced search
My ScienceOpen
Search
For Publishers
For Researchers
Blog
About
2,881
views
25
references
 Top references
cited by
2
    
0 reviews
 Review
0
comments
 Comment
0
recommends
+1 Recommend
1 collections
    4
    shares
      213
      similar
       All similar

      Celebrating 65 years of The Computer Journal - free-to-read perspectives - bcs.org/tcj65

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      A Two-level Intrusion Detection System for Industrial Control System Networks using P4

      proceedings-article
      Author(s): 1 , 1
      Publication date (Print):
      Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)
      Conference theme: ICS & SCADA Cyber Security Research
      Conference date: 29 - 30 August 2018
      Bookmark

            Abstract

            The increasing number of attacks against Industrial Control Systems (ICS) have shown the vulnerability of these systems. Many ICS network protocols have no security mechanism and the requirements on high availability and real-time communication make it challenging to apply intrusive security measures. In this paper, we propose a two-level intrusion detection system for ICS networks based on Software Defined Networking (SDN). The first level consists of flow and Modbus whitelists, leveraging P4 for efficient real-time monitoring. The second level is a deep packet inspector communicating with an SDN controller to update the whitelists of the first level. We show by experiments in an emulated environment that our design has only a small impact on communication latencies in the ICS and is efficient against Modbus/TCP oriented attacks.

            Content

            Author and article information

            Contributors
            Gorby Kabasele Ndonda
            Ramin Sadre
            Conference
            Publication date: August 2018
            Publication date (Print): August 2018
            Pages: 31-40
            Affiliations
            [1 ]Universit Catholique de Louvain, Belgium
            Article
            DOI: 10.14236/ewic/ICS2018.4
            SO-VID: 812d74ca-3e4e-4e8e-bf86-7dc64ef106de
            Copyright © © Ndonda et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018
            License:

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            Conference name: 5th International Symposium for ICS & SCADA Cyber Security Research 2018
            Conference acronym: ICS-CSR 2018
            Conference number: 5
            Conference location: University of Hamburg, Germany
            Conference date: 29 - 30 August 2018
            Conference sponsor: Electronic Workshops in Computing (eWiC)
            Conference theme: ICS & SCADA Cyber Security Research
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2018.4
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Series title: Electronic Workshops in Computing

            ScienceOpen disciplines: Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction

            REFERENCES

            1. Flow whitelisting in scada networks International Journal of Critical Infrastructure Protection 6(3: 150 158 2013

            2. “P4: Programming protocol-independent packet processors SIGCOMM Comput. Commun. Rev. 44(3:87–95 July 2014

            3. “Using model-based intrusion detection for scada networks Proceedings of the SCADA Security Scientific Symposium 2007

            4. “Capitalizing on sdn-based scada systems: An anti-eavesdropping case-study 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) 165–173 May 2015

            5. “Software-defined networking for smart grid resilience: Opportunities and challenges Proceedings of the 1st ACM Workshop on Cyber- Physical System Security, CPSS ’15 61–68 ACM 2015

            6. “Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments Computer Networks 62:122–136 April 2014

            7. Operational Technology and Information Technology in Industrial Control Systems 51–68 Springer International Publishing 2016

            8. Security issues in scada networks Computers & Security 25(7:498 506 2006

            9. “Software-defined networking: A comprehensive survey Proceedings of the IEEE 103(1:14–76 Jan 2015

            10. A network in a laptop: Rapid prototyping for software-defined networks Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets-IX 19:1–19:6 New York, NY, USA 2010 ACM

            11. “Athena: A framework for scalable anomaly detection in software-defined networks 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 249–260 June 2017

            12. A practical flow white list approach for scada systems Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016, ICS-CSR ’16 1–4 BCS Learning & Development Ltd. 2016

            13. “Openflow: Enabling innovation in campus networks SIGCOMM Comput. Commun. Rev. 38(2:69–74 Mar. 2008

            14. Modbus Modbus Messaging on TCP/IP Implementation Guide V1.0b 2006

            15. A low-delay sdnbased countermeasure to eavesdropping attacks in industrial control systems IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN) 2017

            16. Open Networking Foundation Openflow switch specification, version 1.0.1 (wireprotocol 0x01) 2009

            17. A first look into scada network traffic 2012 IEEE Network Operations and Management Symposium 518–521 April 2012

            18. “Making middleboxes someone else’s problem: Network processing as a cloud service Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM ’12 13–24 New York, NY, USA 2012 ACM

            19. Efficient implementation of security applications in openflow controller with flexam High-Performance Interconnects (HOTI), 2013 IEEE 21st Annual Symposium on 49–54 IEEE 2013

            20. “An overview of ip flow-based intrusion detection IEEE Communications Surveys & Tutorials 12(3:343–356 2010 security netflow

            21. Using open source to create a cohesive firewall/ids system 2001

            22. Floodguard: A dos attack prevention extension in software-defined networks Proceedings of 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN ’15 239–250 Washington, DC, USA 2015 IEEE Computer Society

            Comments

            Comment on this article