A security protection approach based on software defined network for inter-area communication in industrial control systems
| Title | A security protection approach based on software defined network for inter-area communication in industrial control systems |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Yang, J., Zhou, C., Zhao, Y. |
| Conference Name | 12th International Conference on System Safety and Cyber-Security 2017 (SCSS) |
| ISBN Number | 978-1-78561-745-4 |
| Keywords | attacks propagation prevention, composability, computer network security, control engineering computing, customized communication protection technology, cyber-attacks detection, deep network behaviors analysis, Entropy, Hazards, hazards propagation prevention, industrial control, industrial control systems, information entropy, Inter-Area Communication, interarea communication protection, Metrics, Networked Control Systems Security, Package Inspection, production engineering computing, pubcrawl, resilience, Resiliency, security inspection method, security interarea communication architecture, security protection, security protection approach, Software Defined Network, Software Defined Network (SDN), software defined networking |
| Abstract | Currently, security protection in Industrial Control Systems has become a hot topic, and a great number of defense techniques have sprung up. As one of the most effective approaches, area isolation has the exceptional advantages and is widely used to prevent attacks or hazards propagating. However, most existing methods for inter-area communication protection present some limitations, i.e., excessively depending on the analyzing rules, affecting original communication. Additionally, the network architecture and data flow direction can hardly be adjusted after being deployed. To address these problems, a dynamical and customized communication protection technology is proposed in this paper. In detail, a security inter-area communication architecture based on Software Defined Network is designed firstly, where devices or subsystems can be dynamically added into or removed from the communication link. And then, a security inspection method based on information entropy is presented for deep network behaviors analysis. According to the security analysis results, the communications in the network can be adjusted in time. Finally, simulations are constructed, and the results indicate that the proposed approach is sensitive and effective for cyber-attacks detection. |
| URL | https://ieeexplore.ieee.org/document/8361402 |
| DOI | 10.1049/cp.2017.0176 |
| Citation Key | yang_security_2017 |
- interarea communication protection
- software defined networking
- Software Defined Network (SDN)
- Software Defined Network
- security protection approach
- security protection
- security interarea communication architecture
- security inspection method
- Resiliency
- resilience
- pubcrawl
- production engineering computing
- Package Inspection
- Networked Control Systems Security
- Metrics
- attacks propagation prevention
- Inter-Area Communication
- information entropy
- Industrial Control Systems
- industrial control
- hazards propagation prevention
- Hazards
- Entropy
- deep network behaviors analysis
- cyber-attacks detection
- customized communication protection technology
- control engineering computing
- computer network security
- composability