Dynamic Data Driven Security Framework for Industrial Control Networks Using Programmable Switches
摘要
Cyber-security for Industrial Control Systems (ICS) such as SCADA systems has been an important avenue of research over the last couple of decades. The need for secure ICS systems stems from several factors - legacy protocols, limited segmentation between operational technology (OT) and information technology (IT) networks, and increasing connectivity of ICS devices to corporate networks and the Internet, among others. Given the unique challenges to ICS security and the unique characteristics of ICS systems and network traffic, we propose a dynamic data-driven security framework utilizing P4 programmable switches. Our proposed framework consists of a switch-controller feedback loop mechanism that enables real-time cyber attack detection and mitigation. The P4 switch with its custom packet processing capabilities, generates statistics and metrics based on network traffic patterns. The controller employs these insights to further detect and mitigate attacks by updating forwarding rules on the switch in real time. Our prototype system of a Denial-of-Service defense on a Modbus network demonstrates the promising potential of P4-based DDDAS towards real-time cyber-defense for ICS networks.