Cyber-security for Industrial Control Systems (ICS) such as SCADA systems has been an important avenue of research over the last couple of decades. The need for secure ICS systems stems from several factors - legacy protocols, limited segmentation between operational technology (OT) and information technology (IT) networks, and increasing connectivity of ICS devices to corporate networks and the Internet, among others. Given the unique challenges to ICS security and the unique characteristics of ICS systems and network traffic, we propose a dynamic data-driven security framework utilizing P4 programmable switches. Our proposed framework consists of a switch-controller feedback loop mechanism that enables real-time cyber attack detection and mitigation. The P4 switch with its custom packet processing capabilities, generates statistics and metrics based on network traffic patterns. The controller employs these insights to further detect and mitigate attacks by updating forwarding rules on the switch in real time. Our prototype system of a Denial-of-Service defense on a Modbus network demonstrates the promising potential of P4-based DDDAS towards real-time cyber-defense for ICS networks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Dynamic Data Driven Security Framework for Industrial Control Networks Using Programmable Switches

  • Reuben Samson Raj,
  • Dong Jin

摘要

Cyber-security for Industrial Control Systems (ICS) such as SCADA systems has been an important avenue of research over the last couple of decades. The need for secure ICS systems stems from several factors - legacy protocols, limited segmentation between operational technology (OT) and information technology (IT) networks, and increasing connectivity of ICS devices to corporate networks and the Internet, among others. Given the unique challenges to ICS security and the unique characteristics of ICS systems and network traffic, we propose a dynamic data-driven security framework utilizing P4 programmable switches. Our proposed framework consists of a switch-controller feedback loop mechanism that enables real-time cyber attack detection and mitigation. The P4 switch with its custom packet processing capabilities, generates statistics and metrics based on network traffic patterns. The controller employs these insights to further detect and mitigate attacks by updating forwarding rules on the switch in real time. Our prototype system of a Denial-of-Service defense on a Modbus network demonstrates the promising potential of P4-based DDDAS towards real-time cyber-defense for ICS networks.