Open Access
A Two-level Intrusion Detection System for Industrial Control System Networks using P4
Author(s) - Gorby Kabasele Ndonda, Ramin Sadre
Publication year - 2018
Publication title - electronic workshops in computing
Language(s) - English
Resource type - Conference proceedings
ISSN - 1477-9358
DOI - 10.14236/ewic/ics2018.4
Subject(s) - modbus, intrusion detection system, computer science, network packet, industrial control system, vulnerability (computing), computer network, embedded system, software defined networking, software, real time computing, communications protocol, control (management), computer security, operating system, artificial intelligence
The increasing number of attacks against Industrial Control Systems (ICS) has shown the vulnerability of these systems. Many ICS network protocols have no security mechanism, and the requirements on high availability and real-time communication make it challenging to apply intrusive security measures. In this paper, we propose a two-level intrusion detection system for ICS networks based on Software Defined Networking (SDN). The first level consists of flow and Modbus whitelists, leveraging P4 for efficient real-time monitoring. The second level is a deep packet inspector communicating with an SDN controller to update the whitelist of the first level. We show by experiments in an emulated environment that our design has only a small impact on communication latencies in the ICS and is efficient against Modbus/TCP-oriented attacks.
