Comparative analysis of the standalone and Hybrid SDN solutions for early detection of network channel attacks in Industrial Control Systems: A WWTP case study

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2024-10-28 DOI:10.1016/j.iot.2024.101413

Valentine Machaka , Santiago Figueroa-Lorenzo , Saioa Arrizabalaga , Josune Hernantes

{"title":"Comparative analysis of the standalone and Hybrid SDN solutions for early detection of network channel attacks in Industrial Control Systems: A WWTP case study","authors":"Valentine Machaka , Santiago Figueroa-Lorenzo , Saioa Arrizabalaga , Josune Hernantes","doi":"10.1016/j.iot.2024.101413","DOIUrl":null,"url":null,"abstract":"<div><div>Industrial Control Systems (ICS) are critical to operating various Critical infrastructures (CIs). However, ICS communication channels connecting sensors, actuators, and local and supervisory controllers are vulnerable to network attacks compromising the system’s availability and integrity. This study proposes and compares Standalone and Hybrid Software Defined Networking (SDN) solutions to mitigate (Detect and Respond) network channel attacks in ICS environments. The methodology utilised applies a testbed designed in GNS3 following the IEC 62264 Industrial Automation Pyramid. It incorporates ICS components such as PLCs and SCADA and a Simulink-based digital twin system for a wastewater treatment plant. This research establishes a proof of concept involving detection and response to network channel attacks evaluated through packet thresholds, packet analysis, and cryptographic hashing techniques in SDN. The Mitre attack framework is implemented to provide insight into the system’s vulnerabilities through adversary emulation. The research findings reveal that both SDN solutions effectively enhance ICS network security; the Standalone SDN solution is more suitable for time-sensitive networks, while the Hybrid SDN solution better serves non-time-sensitive industrial environments. While the Standalone SDN solution offers a 75% efficiency improvement, its’ status as a nascent technology introduces unresolved vulnerabilities and limited testing favouring the Hybrid SDN solution, which provides robust security and reliability due to the integration with the Snort IDS. Thus, selecting the appropriate solution requires carefully considering the trade-offs between enhanced performance and established security. In conclusion, this study underscores the potential of SDN solutions in strengthening ICS security and suggests areas for future research.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":null,"pages":null},"PeriodicalIF":6.0000,"publicationDate":"2024-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660524003548","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Industrial Control Systems (ICS) are critical to operating various Critical infrastructures (CIs). However, ICS communication channels connecting sensors, actuators, and local and supervisory controllers are vulnerable to network attacks compromising the system’s availability and integrity. This study proposes and compares Standalone and Hybrid Software Defined Networking (SDN) solutions to mitigate (Detect and Respond) network channel attacks in ICS environments. The methodology utilised applies a testbed designed in GNS3 following the IEC 62264 Industrial Automation Pyramid. It incorporates ICS components such as PLCs and SCADA and a Simulink-based digital twin system for a wastewater treatment plant. This research establishes a proof of concept involving detection and response to network channel attacks evaluated through packet thresholds, packet analysis, and cryptographic hashing techniques in SDN. The Mitre attack framework is implemented to provide insight into the system’s vulnerabilities through adversary emulation. The research findings reveal that both SDN solutions effectively enhance ICS network security; the Standalone SDN solution is more suitable for time-sensitive networks, while the Hybrid SDN solution better serves non-time-sensitive industrial environments. While the Standalone SDN solution offers a 75% efficiency improvement, its’ status as a nascent technology introduces unresolved vulnerabilities and limited testing favouring the Hybrid SDN solution, which provides robust security and reliability due to the integration with the Snort IDS. Thus, selecting the appropriate solution requires carefully considering the trade-offs between enhanced performance and established security. In conclusion, this study underscores the potential of SDN solutions in strengthening ICS security and suggests areas for future research.

查看原文本刊更多论文

用于早期检测工业控制系统中网络通道攻击的独立和混合 SDN 解决方案的比较分析：污水处理厂案例研究

工业控制系统（ICS）对于各种关键基础设施（CI）的运行至关重要。然而，连接传感器、执行器以及本地和监管控制器的 ICS 通信通道很容易受到网络攻击，从而影响系统的可用性和完整性。本研究提出并比较了独立和混合软件定义网络（SDN）解决方案，以减轻（检测和响应）ICS 环境中的网络通道攻击。采用的方法是根据 IEC 62264 工业自动化金字塔在 GNS3 中设计一个测试平台。它包含了 PLC 和 SCADA 等 ICS 组件，以及一个基于 Simulink 的污水处理厂数字孪生系统。这项研究通过 SDN 中的数据包阈值、数据包分析和加密哈希技术，建立了一个涉及网络通道攻击检测和响应的概念验证。实施了 Mitre 攻击框架，通过对手模拟来深入了解系统的漏洞。研究结果表明，两种 SDN 解决方案都能有效增强 ICS 网络安全；独立 SDN 解决方案更适用于时间敏感型网络，而混合 SDN 解决方案则更适用于非时间敏感型工业环境。虽然独立 SDN 解决方案的效率提高了 75%，但由于其技术刚刚起步，存在尚未解决的漏洞和有限的测试，因此混合 SDN 解决方案更受青睐，因为它与 Snort IDS 集成，可提供强大的安全性和可靠性。因此，要选择合适的解决方案，就必须仔细考虑增强性能和建立安全性之间的权衡。总之，本研究强调了 SDN 解决方案在加强 ICS 安全方面的潜力，并提出了今后的研究领域。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.