Autonomic Intelligent Cyber-Sensor to Support Industrial Control Network Awareness

Title: Autonomic Intelligent Cyber-Sensor to Support Industrial Control Network Awareness
Publication Type: Journal Article
Year of Publication: 2014
Authors: Vollmer, T., Manic, M., Linda, O.
Journal: Industrial Informatics, IEEE Transactions on
Volume: 10
Pagination: 1647-1658
Date Published: May
ISSN: 1551-3203
Keywords: access protocols, anomaly detection algorithm, Autonomic computing, autonomic intelligent cyber-sensor, C++, computer network security, control systems, digital device proliferation, fault tolerant computing, field buses, flexible two-level communication layer, Fuzzy logic, IF-MAP, industrial control, industrial control network awareness, industrial ecosystems, Intelligent sensors, internal D-Bus communication mechanism, legacy software, meta data, metadata access point external communication layer, mixed-use test network, Network interfaces, Network security, network security sensor, networked industrial ecosystem, pattern clustering, PERL, proof of concept prototype, self-managed framework, service oriented architecture, service-oriented architecture, simple object access protocol-based interface, SOAP-based interface, traffic monitor, virtual network hosts
Abstract

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of autonomic computing and a simple object access protocol (SOAP)-based interface to metadata access points (IF-MAP) external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, and self-managed framework. The contribution of this paper is twofold: 1) a flexible two-level communication layer based on autonomic computing and service-oriented architecture is detailed, and 2) three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof-of-concept prototype was deployed on a mixed-use test network, showing the possible real-world applicability. In testing, 45 of the 46 network-attached devices were recognized, and 10 of the 12 emulated devices were created with specific operating system and port configurations. In addition, the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules was correctly distributed using the common communication structure.

URL: https://ieeexplore.ieee.org/document/6547755
DOI: 10.1109/TII.2013.2270373
Citation Key: 6547755