Biblio
In this paper, a dynamic cybersecurity protection method based on software-defined networking (SDN) is proposed, according to the protection requirement analysis for industrial control systems (ICSs). This method can execute security response measures by SDN, such as isolation, redirection etc., based on the real-time intrusion detection results, forming a detecting-responding closed-loop security control. In addition, moving target defense (MTD) concept is introduced to the protection for ICSs, where topology transformation and IP/port hopping are realized by SDN, which can confuse and deceive the attackers and prevent attacks at the beginning, protection ICSs in an active manner. The simulation results verify the feasibility of the proposed method.
In order to support large volume of transactions and number of users, as estimated by the load demand modeling, a system needs to scale in order to continue to satisfy required quality attributes. In particular, for systems exposed to the Internet, scaling up may increase the attack surface susceptible to malicious intrusions. The new proactive approach based on the concept of Moving Target Defense (MTD) should be considered as a complement to current cybersecurity protection. In this paper, we analyze the scalability of the Self Cleansing Intrusion Tolerance (SCIT) MTD approach using Cloud infrastructure services. By applying the model of MTD with continuous rotation and diversity to a multi-node or multi-instance system, we argue that the effectiveness of the approach is dependent on the share-nothing architecture pattern of the large system. Furthermore, adding more resources to the MTD mechanism can compensate to achieve the desired level of secure availability.