Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection

Rinaldi, Giulia; Adamsky, Florian; Soua, Ridha; Baiocchi, Andrea; Engel, Thomas

doi:10.1109/NoF47743.2019.9014929

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection

Rinaldi, Giulia; Adamsky, Florian; Soua, Ridha et al.

2019 • In 10th International Conference on Networks of the Future (NoF)

Peer reviewed

Permalink
https://hdl.handle.net/10993/40162

DOI
10.1109/NoF47743.2019.9014929

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

Softwarization_of_SCADA__Lightweight_Statistical_SDN_Agents_for_Anomaly_Detection (2).pdf

Author preprint (280.47 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

SCADA systems; Security; SDN; Anomaly detection; Agent/probes

Abstract :

[en] The increasing connectivity of restricted areas suchas Critical Infrastructures (CIs) raises major security concernsfor Supervisory Control And Data Acquisition (SCADA) systems,which are deployed to monitor their operation. Given the impor-tance of an early anomaly detection, Intrusion Detection Systems(IDSs) are introduced in SCADA systems to detect malicious ac-tivities as early as possible. Agents or probes form the cornerstoneof any IDS by capturing network packets and extracting relevantinformation. However, IDSs are facing unprecedented challengesdue to the escalation in the number, scale and diversity of attacks.Software-Defined Network (SDN) then comes into play and canprovide the required flexibility and scalability. Building on that,we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statisticalmetrics such as Kullback-Leibler Divergence (KLD), we are ableto detect the slightest anomalies, such as stealth port scans, evenin the presence of background traffic. The obtained metrics canalso be used to locate the anomalies with precision over 90%inside a hierarchical network topology.

Disciplines :

Computer science

Author, co-author :

Rinaldi, Giulia ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Adamsky, Florian ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Soua, Ridha ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Baiocchi, Andrea; University of Roma La Sapienza > the School of Engineering > Professor

Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

yes

Language :

English

Title :

Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection

Publication date :

04 October 2019

Event name :

10th International Conference on Networks of the Future (NoF)

Event place :

Rome, Italy

Event date :

from 01-10-2019 to 03-10-2019

Audience :

International

Main work title :

10th International Conference on Networks of the Future (NoF)

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

European Projects :

H2020 - 700581 - ATENA - Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures

Funders :

CE - Commission Européenne [BE]

Available on ORBilu :

since 26 August 2019

Statistics

Number of views

216 (15 by Unilu)

Number of downloads

286 (5 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations