Leveraging SDN to Monitor Critical Infrastructure Networks in a Smarter Way
Main Authors: | , , , , , |
---|---|
Format: | Journal Article |
Language: | English |
Published: | 16-01-2017 |
Summary: | In critical infrastructures, communication networks are used to exchange vital data among elements of Industrial Control Systems (ICSes). Due to the criticality of such systems and the increase of the cybersecurity risks in these contexts, best practices recommend the adoption of Intrusion Detection Systems (IDSes) as monitoring facilities. The choice of the positions of IDSes is crucial to monitor as many streams of data traffic as possible. This is especially true for the traffic patterns of ICS networks, mostly confined in many subnetworks, which are geographically distributed and largely autonomous. We introduce a methodology and a software architecture that allow an ICS operator to use the spare bandwidth that might be available in over-provisioned networks to forward replicas of traffic streams towards a single IDS placed at an arbitrary location. We leverage certain characteristics of ICS networks, like stability of topology and bandwidth needs predictability, and make use of the Software-Defined Networking (SDN) paradigm. We fulfill strict requirements about packet loss, for both functional and security aspects. Finally, we evaluate our approach on network topologies derived from real networks. |
---|---|
DOI: | 10.48550/arxiv.1701.04293 |