工业控制系统中用于入侵响应的软件定义网络方法：综述

IF 4.1 3区工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Critical Infrastructure Protection Pub Date : 2023-09-01 DOI:10.1016/j.ijcip.2023.100615

Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza

{"title":"工业控制系统中用于入侵响应的软件定义网络方法：综述","authors":"Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza","doi":"10.1016/j.ijcip.2023.100615","DOIUrl":null,"url":null,"abstract":"<div><p>Industrial Control Systems (ICSs) are a key technology for life-sustainability, social development and economic progress used in a wide range of industrial solutions, including Critical Infrastructures (CIs), becoming the primary target for multiple security attacks. With the increase of personalized and sophisticated attacks, the need for new tailored ICS cybersecurity mechanisms has increased exponentially, complying with specific ICS requirements that Information Technology (IT) security systems fail to meet. In this survey, a comprehensive study of ICS intrusion response is conducted, focusing on the use of Software-Defined Networking (SDN) for the development of intrusion response strategies in ICS. With its centralized control plane, increased programmability and global view of the entire network, SDN enables the development of intrusion response solutions that provide a coordinated response to mitigate attacks. Through the survey, an analysis of ICS security requirements and the applicability of SDN is conducted, identifying the advantages and disadvantages compared to traditional networking and protocols. Furthermore, a taxonomy on intrusion response strategies is presented, where different proposals are discussed and categorized according to intrusion response strategy and deployment environment characteristics. Finally, future research directions and challenges are identified.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"42 ","pages":"Article 100615"},"PeriodicalIF":4.1000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey\",\"authors\":\"Xabier Etxezarreta, Iñaki Garitano, Mikel Iturbe, Urko Zurutuza\",\"doi\":\"10.1016/j.ijcip.2023.100615\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Industrial Control Systems (ICSs) are a key technology for life-sustainability, social development and economic progress used in a wide range of industrial solutions, including Critical Infrastructures (CIs), becoming the primary target for multiple security attacks. With the increase of personalized and sophisticated attacks, the need for new tailored ICS cybersecurity mechanisms has increased exponentially, complying with specific ICS requirements that Information Technology (IT) security systems fail to meet. In this survey, a comprehensive study of ICS intrusion response is conducted, focusing on the use of Software-Defined Networking (SDN) for the development of intrusion response strategies in ICS. With its centralized control plane, increased programmability and global view of the entire network, SDN enables the development of intrusion response solutions that provide a coordinated response to mitigate attacks. Through the survey, an analysis of ICS security requirements and the applicability of SDN is conducted, identifying the advantages and disadvantages compared to traditional networking and protocols. Furthermore, a taxonomy on intrusion response strategies is presented, where different proposals are discussed and categorized according to intrusion response strategy and deployment environment characteristics. Finally, future research directions and challenges are identified.</p></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"42 \",\"pages\":\"Article 100615\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1874548223000288\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548223000288","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

工业控制系统（ICSs）是生命可持续性、社会发展和经济进步的关键技术，用于各种工业解决方案，包括关键基础设施（CI），成为多种安全攻击的主要目标。随着个性化和复杂攻击的增加，对新的定制ICS网络安全机制的需求呈指数级增长，符合信息技术（IT）安全系统无法满足的特定ICS要求。在这项调查中，对ICS入侵响应进行了全面的研究，重点是使用软件定义网络（SDN）开发ICS中的入侵响应策略。凭借其集中的控制平面、增强的可编程性和对整个网络的全局视图，SDN能够开发入侵响应解决方案，提供协调的响应以减轻攻击。通过调查，分析了ICS的安全需求和SDN的适用性，确定了与传统网络和协议相比的优势和劣势。此外，还提出了入侵响应策略的分类法，根据入侵响应策略和部署环境的特点，对不同的建议进行了讨论和分类。最后，确定了未来的研究方向和挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey

Industrial Control Systems (ICSs) are a key technology for life-sustainability, social development and economic progress used in a wide range of industrial solutions, including Critical Infrastructures (CIs), becoming the primary target for multiple security attacks. With the increase of personalized and sophisticated attacks, the need for new tailored ICS cybersecurity mechanisms has increased exponentially, complying with specific ICS requirements that Information Technology (IT) security systems fail to meet. In this survey, a comprehensive study of ICS intrusion response is conducted, focusing on the use of Software-Defined Networking (SDN) for the development of intrusion response strategies in ICS. With its centralized control plane, increased programmability and global view of the entire network, SDN enables the development of intrusion response solutions that provide a coordinated response to mitigate attacks. Through the survey, an analysis of ICS security requirements and the applicability of SDN is conducted, identifying the advantages and disadvantages compared to traditional networking and protocols. Furthermore, a taxonomy on intrusion response strategies is presented, where different proposals are discussed and categorized according to intrusion response strategy and deployment environment characteristics. Finally, future research directions and challenges are identified.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY

CiteScore

8.90

自引率

5.60%

发文量

审稿时长

>12 weeks

期刊介绍： The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.