Visible to the public Cloud Based Intrusion Detection and Prevention System for Industrial Control Systems Using Software Defined Networking

TitleCloud Based Intrusion Detection and Prevention System for Industrial Control Systems Using Software Defined Networking
Publication TypeConference Paper
Year of Publication2019
AuthorsBrugman, Jonathon, Khan, Mohammed, Kasera, Sneha, Parvania, Masood
Conference Name2019 Resilience Week (RWS)
ISBN Number978-1-7281-2135-2
KeywordsAmazon Web Services, anomaly detection, CB-IDPS, cloud Based intrusion detection and prevention system, cloud computing, composability, computer network security, control engineering computing, cyber security, data privacy, energy management systems, Human Behavior, human factors, ICs, ICS delay constraints, ICS networks, industrial control, industrial control systems, intrusion detection and prevention, layer encryption, manufacturing systems, Metrics, microgrid, microgrid energy management system, network function virtualization, network intrusion services, network security tools, OpenDaylight software, packet inspection, power engineering computing, power grids, power system control, privacy, production engineering computing, pubcrawl, resilience, Resiliency, SDN controller, service function chaining, software defined networking, virtual private cloud, virtualisation, virtualization privacy, web services
Abstract

Industrial control systems (ICS) are becoming more integral to modern life as they are being integrated into critical infrastructure. These systems typically lack application layer encryption and the placement of common network intrusion services have large blind spots. We propose the novel architecture, Cloud Based Intrusion Detection and Prevention System (CB-IDPS), to detect and prevent threats in ICS networks by using software defined networking (SDN) to route traffic to the cloud for inspection using network function virtualization (NFV) and service function chaining. CB-IDPS uses Amazon Web Services to create a virtual private cloud for packet inspection. The CB-IDPS framework is designed with considerations to the ICS delay constraints, dynamic traffic routing, scalability, resilience, and visibility. CB-IDPS is presented in the context of a micro grid energy management system as the test case to prove that the latency of CB-IDPS is within acceptable delay thresholds. The implementation of CB-IDPS uses the OpenDaylight software for the SDN controller and commonly used network security tools such as Zeek and Snort. To our knowledge, this is the first attempt at using NFV in an ICS context for network security.

URLhttps://ieeexplore.ieee.org/document/8971825/
DOI10.1109/RWS47064.2019.8971825
Citation Keybrugman_cloud_2019