Cloud Based Intrusion Detection and Prevention System for Industrial Control Systems Using Software Defined Networking
Title | Cloud Based Intrusion Detection and Prevention System for Industrial Control Systems Using Software Defined Networking |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Brugman, Jonathon, Khan, Mohammed, Kasera, Sneha, Parvania, Masood |
Conference Name | 2019 Resilience Week (RWS) |
ISBN Number | 978-1-7281-2135-2 |
Keywords | Amazon Web Services, anomaly detection, CB-IDPS, cloud Based intrusion detection and prevention system, cloud computing, composability, computer network security, control engineering computing, cyber security, data privacy, energy management systems, Human Behavior, human factors, ICs, ICS delay constraints, ICS networks, industrial control, industrial control systems, intrusion detection and prevention, layer encryption, manufacturing systems, Metrics, microgrid, microgrid energy management system, network function virtualization, network intrusion services, network security tools, OpenDaylight software, packet inspection, power engineering computing, power grids, power system control, privacy, production engineering computing, pubcrawl, resilience, Resiliency, SDN controller, service function chaining, software defined networking, virtual private cloud, virtualisation, virtualization privacy, web services |
Abstract | Industrial control systems (ICS) are becoming more integral to modern life as they are being integrated into critical infrastructure. These systems typically lack application layer encryption and the placement of common network intrusion services have large blind spots. We propose the novel architecture, Cloud Based Intrusion Detection and Prevention System (CB-IDPS), to detect and prevent threats in ICS networks by using software defined networking (SDN) to route traffic to the cloud for inspection using network function virtualization (NFV) and service function chaining. CB-IDPS uses Amazon Web Services to create a virtual private cloud for packet inspection. The CB-IDPS framework is designed with considerations to the ICS delay constraints, dynamic traffic routing, scalability, resilience, and visibility. CB-IDPS is presented in the context of a micro grid energy management system as the test case to prove that the latency of CB-IDPS is within acceptable delay thresholds. The implementation of CB-IDPS uses the OpenDaylight software for the SDN controller and commonly used network security tools such as Zeek and Snort. To our knowledge, this is the first attempt at using NFV in an ICS context for network security. |
URL | https://ieeexplore.ieee.org/document/8971825/ |
DOI | 10.1109/RWS47064.2019.8971825 |
Citation Key | brugman_cloud_2019 |
- production engineering computing
- microgrid energy management system
- network function virtualization
- network intrusion services
- network security tools
- OpenDaylight software
- packet inspection
- power engineering computing
- power grids
- power system control
- privacy
- microgrid
- pubcrawl
- resilience
- Resiliency
- SDN controller
- service function chaining
- software defined networking
- virtual private cloud
- virtualisation
- virtualization privacy
- web services
- Human Factors
- CB-IDPS
- cloud Based intrusion detection and prevention system
- Cloud Computing
- composability
- computer network security
- control engineering computing
- cyber security
- data privacy
- energy management systems
- Human behavior
- Amazon Web Services
- ICs
- Anomaly Detection
- ICS delay constraints
- ICS networks
- industrial control
- Industrial Control Systems
- intrusion detection and prevention
- layer encryption
- manufacturing systems
- Metrics