Cloud Based Intrusion Detection and Prevention System for Industrial Control Systems Using Software Defined Networking | IEEE Conference Publication | IEEE Xplore

Abstract:

Industrial control systems (ICS) are becoming more integral to modern life as they are integrated into critical infrastructure. These systems typically lack application-layer encryption, and the placement of common network intrusion services leaves large blind spots. We propose a novel architecture, the Cloud Based Intrusion Detection and Prevention System (CB-IDPS), to detect and prevent threats in ICS networks by using software defined networking (SDN) to route traffic to the cloud for inspection using network function virtualization (NFV) and service function chaining. CB-IDPS uses Amazon Web Services to create a virtual private cloud for packet inspection. The CB-IDPS framework is designed with consideration for ICS delay constraints, dynamic traffic routing, scalability, resilience, and visibility. CB-IDPS is presented in the context of a micro grid energy management system as the test case to prove that the latency of CB-IDPS is within acceptable delay thresholds. The implementation of CB-IDPS uses the OpenDaylight software for the SDN controller and commonly used network security tools such as Zeek and Snort. To our knowledge, this is the first attempt at using NFV in an ICS context for network security.
Date of Conference: 04-07 November 2019
Date Added to IEEE Xplore: 30 January 2020
Conference Location: San Antonio, TX, USA

I. Introduction

Industrial control systems (ICS) are a vital part of society. More critical infrastructure systems, including those that supply electricity and water, are being connected to the Internet to allow for more efficient and dynamic control and allocation of resources. However, this network access makes these systems vulnerable to external attacks [1]. Many of these ICS attacks can be a nuisance or even have real-world consequences, including those of life and death [2]. ICS are at an increased risk of attack because the protocols designed for these systems were meant to be run only on localized systems and serial lines, not to be accessed over the Internet. In that setting, it was extremely hard to gain access to these systems or to inject bad data into them. Consequently, these systems did not employ any network security measures. In ICS connected to the Internet, adversaries can not only intercept packets and learn valuable information about critical infrastructure systems, but also inject bad data into these systems and perform denial of service attacks [3] [4]. Most ICS run on Modbus, DNP3, and more recently, IEC 68150. This project focuses on the Modbus protocol in the test case, but CB-IDPS generalizes to all industrial protocols.
