{"title":"Light-Weight Active Security for Detecting DDoS Attacks in Containerised ICPS","authors":"Farzana Zahid, Matthew M. Y. Kuo, R. Sinha","doi":"10.1109/PST52912.2021.9647782","DOIUrl":null,"url":null,"abstract":"In Industrial Cyber-Physical Systems (ICPS), containerisation promises high scalability, reconfigurability and dependability. Denial of Service (DoD/DDoS) is a significant security threat in containerised ICPS applications, which execute on resource-constrained computers like PLCs, and cannot support traditional security mechanisms like firewalls that sacrifice performance and throughput. We propose a novel, light-weight active security approach to detecting DoS/DDoS attacks through frequency analysis of network traffic (packets). Our approach identifies attacks by recording a frequency signature of the flow of packets in an ICPS under normal operation. Subsequently, an attack is modelled as any anomalies in the network that modify the frequency profile of network traffic in the ICPS. Our prototype implementation and evaluation show that this active security method is light-weight and suitable for resource-constrained ICPS platforms.","PeriodicalId":144610,"journal":{"name":"2021 18th International Conference on Privacy, Security and Trust (PST)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 18th International Conference on Privacy, Security and Trust (PST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST52912.2021.9647782","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
In Industrial Cyber-Physical Systems (ICPS), containerisation promises high scalability, reconfigurability and dependability. Denial of Service (DoS/DDoS) is a significant security threat in containerised ICPS applications, which execute on resource-constrained computers like PLCs, and cannot support traditional security mechanisms like firewalls that sacrifice performance and throughput. We propose a novel, light-weight active security approach to detecting DoS/DDoS attacks through frequency analysis of network traffic (packets). Our approach identifies attacks by recording a frequency signature of the flow of packets in an ICPS under normal operation. Subsequently, an attack is modelled as any anomaly in the network that modifies the frequency profile of network traffic in the ICPS. Our prototype implementation and evaluation show that this active security method is light-weight and suitable for resource-constrained ICPS platforms.