Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection

Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection. Rinaldi, G., Adamsky, F., Soua, R., Baiocchi, A., & Engel, T. In 2019 10th International Conference on Networks of the Future (NoF), pages 102–109, Rome, Italy, October, 2019. IEEE.

Paper doi abstract bibtex

The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Deﬁned Network (SDN) then comes into play and can provide the required ﬂexibility and scalability. Building on that, we introduce Trafﬁc Agent Controllers (TACs) that monitor SDNenabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background trafﬁc. The obtained metrics can also be used to locate the anomalies with precision over 90% inside a hierarchical network topology.

@inproceedings{rinaldi_softwarization_2019,
	address = {Rome, Italy},
	title = {Softwarization of {SCADA}: {Lightweight} {Statistical} {SDN}-{Agents} for {Anomaly} {Detection}},
	isbn = {978-1-72814-445-0},
	shorttitle = {Softwarization of {SCADA}},
	url = {https://ieeexplore.ieee.org/document/9014929/},
	doi = {10.1109/NoF47743.2019.9014929},
	abstract = {The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Deﬁned Network (SDN) then comes into play and can provide the required ﬂexibility and scalability. Building on that, we introduce Trafﬁc Agent Controllers (TACs) that monitor SDNenabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background trafﬁc. The obtained metrics can also be used to locate the anomalies with precision over 90\% inside a hierarchical network topology.},
	language = {en},
	urldate = {2020-05-31},
	booktitle = {2019 10th {International} {Conference} on {Networks} of the {Future} ({NoF})},
	publisher = {IEEE},
	author = {Rinaldi, Giulia and Adamsky, Florian and Soua, Ridha and Baiocchi, Andrea and Engel, Thomas},
	month = oct,
	year = {2019},
	pages = {102--109},
}

Downloads: 0