644
views
0
recommends
+1 Recommend
1 collections
    4
    shares
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      A Two-level Intrusion Detection System for Industrial Control System Networks using P4

      proceedings-article

      1 , 1

      5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)

      ICS & SCADA Cyber Security Research

      29 - 30 August 2018

      Bookmark

            Abstract

            The increasing number of attacks against Industrial Control Systems (ICS) have shown the vulnerability of these systems. Many ICS network protocols have no security mechanism and the requirements on high availability and real-time communication make it challenging to apply intrusive security measures. In this paper, we propose a two-level intrusion detection system for ICS networks based on Software Defined Networking (SDN). The first level consists of flow and Modbus whitelists, leveraging P4 for efficient real-time monitoring. The second level is a deep packet inspector communicating with an SDN controller to update the whitelists of the first level. We show by experiments in an emulated environment that our design has only a small impact on communication latencies in the ICS and is efficient against Modbus/TCP oriented attacks.

            Content

            Author and article information

            Contributors
            Conference
            August 2018
            August 2018
            : 31-40
            Affiliations
            [1 ]Universit Catholique de Louvain, Belgium
            Article
            10.14236/ewic/ICS2018.4
            812d74ca-3e4e-4e8e-bf86-7dc64ef106de
            © Ndonda et al. Published by BCS Learning and Development Ltd. Proceedings of ICS & SCADA 2018

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            5th International Symposium for ICS & SCADA Cyber Security Research 2018
            ICS-CSR 2018
            5
            University of Hamburg, Germany
            29 - 30 August 2018
            Electronic Workshops in Computing (eWiC)
            ICS & SCADA Cyber Security Research
            Product
            Product Information: 1477-9358BCS Learning & Development
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            REFERENCES

            1. Flow whitelisting in scada networks International Journal of Critical Infrastructure Protection 6(3: 150 158 2013

            2. “P4: Programming protocol-independent packet processors SIGCOMM Comput. Commun. Rev. 44(3:87–95 July 2014

            3. “Using model-based intrusion detection for scada networks Proceedings of the SCADA Security Scientific Symposium 2007

            4. “Capitalizing on sdn-based scada systems: An anti-eavesdropping case-study 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM) 165–173 May 2015

            5. “Software-defined networking for smart grid resilience: Opportunities and challenges Proceedings of the 1st ACM Workshop on Cyber- Physical System Security, CPSS ’15 61–68 ACM 2015

            6. “Combining openflow and sflow for an effective and scalable anomaly detection and mitigation mechanism on sdn environments Computer Networks 62:122–136 April 2014

            7. Operational Technology and Information Technology in Industrial Control Systems 51–68 Springer International Publishing 2016

            8. Security issues in scada networks Computers & Security 25(7:498 506 2006

            9. “Software-defined networking: A comprehensive survey Proceedings of the IEEE 103(1:14–76 Jan 2015

            10. A network in a laptop: Rapid prototyping for software-defined networks Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, Hotnets-IX 19:1–19:6 New York, NY, USA 2010 ACM

            11. “Athena: A framework for scalable anomaly detection in software-defined networks 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 249–260 June 2017

            12. A practical flow white list approach for scada systems Proceedings of the 4th International Symposium for ICS & SCADA Cyber Security Research 2016, ICS-CSR ’16 1–4 BCS Learning & Development Ltd. 2016

            13. “Openflow: Enabling innovation in campus networks SIGCOMM Comput. Commun. Rev. 38(2:69–74 Mar. 2008

            14. Modbus Modbus Messaging on TCP/IP Implementation Guide V1.0b 2006

            15. A low-delay sdnbased countermeasure to eavesdropping attacks in industrial control systems IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN) 2017

            16. Open Networking Foundation Openflow switch specification, version 1.0.1 (wireprotocol 0x01) 2009

            17. A first look into scada network traffic 2012 IEEE Network Operations and Management Symposium 518–521 April 2012

            18. “Making middleboxes someone else’s problem: Network processing as a cloud service Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, SIGCOMM ’12 13–24 New York, NY, USA 2012 ACM

            19. Efficient implementation of security applications in openflow controller with flexam High-Performance Interconnects (HOTI), 2013 IEEE 21st Annual Symposium on 49–54 IEEE 2013

            20. “An overview of ip flow-based intrusion detection IEEE Communications Surveys & Tutorials 12(3:343–356 2010 security netflow

            21. Using open source to create a cohesive firewall/ids system 2001

            22. Floodguard: A dos attack prevention extension in software-defined networks Proceedings of 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN ’15 239–250 Washington, DC, USA 2015 IEEE Computer Society

            Comments

            Comment on this article