Leveraging SDN to Monitor Critical Infrastructure Networks in a Smarter Way
Author: | Gabriele Lospoto, Massimo Rimondini, Federico Griscioli, Habib Mostafaei, Roberto di Lallo, Maurizio Pizzonia |
---|---|
Contributors: | P. Chemouil, E. Monteiro, M. Charalambides, E. Madeira, P. Simões, S. Secci, L. P. Gaspary, C. R. P. dos Santos, DI LALLO, Roberto, Griscioli, Federico, Lospoto, Gabriele, Mostafaei, Habib, Pizzonia, Maurizio, Rimondini, Massimo |
Language: | English |
Year of publication: | 2017 |
Subject: | business.industry; Computer science; Distributed computing; 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Industrial control system; Network topology; Telecommunications network; Critical infrastructure; Packet loss; 0202 electrical engineering, electronic engineering, information engineering; 020201 artificial intelligence & image processing; Software architecture; business; Software-defined networking; Computer network |
Source: | IM |
Description: | In critical infrastructures, communication networks are used to exchange vital data among elements of Industrial Control Systems (ICSes). Due to the criticality of such systems and the increase of the cybersecurity risks in these contexts, best practices recommend the adoption of Intrusion Detection Systems (IDSes) as monitoring facilities. The choice of the positions of IDSes is crucial to monitor as many streams of data traffic as possible. This is especially true for the traffic patterns of ICS networks, mostly confined in many subnetworks, which are geographically distributed and largely autonomous. We introduce a methodology and a software architecture that allow an ICS operator to use the spare bandwidth that might be available in over-provisioned networks to forward replicas of traffic streams towards a single IDS placed at an arbitrary location. We leverage certain characteristics of ICS networks, like stability of topology and bandwidth needs predictability, and make use of the Software-Defined Networking (SDN) paradigm. We fulfill strict requirements about packet loss, for both functional and security aspects. Finally, we evaluate our approach on network topologies derived from real networks. |
Database: | OpenAIRE |