Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection. Rinaldi, G., Adamsky, F., Soua, R., Baiocchi, A., & Engel, T. In 2019 10th International Conference on Networks of the Future (NoF), pages 102–109, Rome, Italy, October, 2019. IEEE.
The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Defined Network (SDN) then comes into play and can provide the required flexibility and scalability. Building on that, we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background traffic. The obtained metrics can also be used to locate the anomalies with precision over 90% inside a hierarchical network topology.
@inproceedings{rinaldi_softwarization_2019,
address = {Rome, Italy},
title = {Softwarization of {SCADA}: {Lightweight} {Statistical} {SDN}-{Agents} for {Anomaly} {Detection}},
isbn = {978-1-72814-445-0},
shorttitle = {Softwarization of {SCADA}},
url = {https://ieeexplore.ieee.org/document/9014929/},
doi = {10.1109/NoF47743.2019.9014929},
abstract = {The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Defined Network (SDN) then comes into play and can provide the required flexibility and scalability. Building on that, we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background traffic. The obtained metrics can also be used to locate the anomalies with precision over 90\% inside a hierarchical network topology.},
language = {en},
urldate = {2020-05-31},
booktitle = {2019 10th {International} {Conference} on {Networks} of the {Future} ({NoF})},
publisher = {IEEE},
author = {Rinaldi, Giulia and Adamsky, Florian and Soua, Ridha and Baiocchi, Andrea and Engel, Thomas},
month = oct,
year = {2019},
pages = {102--109},
}