Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection

Abstract

Given the importance of early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in Supervisory Control And Data Acquisition (SCADA). Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Defined Networking (SDN) then comes into play and can provide the required flexibility and scalability. Building on that, we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background traffic. The obtained metrics can also be used to locate the anomalies with precision over 90% inside a hierarchical network topology.

More about this title

Title Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection
Media 10th International Conference on Networks of the Future (NoF)
Publisher IEEE
Issue ---
Volume ---
ISBN 978-1-7281-4446-7
Author/Editor Giulia Rinaldi, Prof. Dr. Florian Adamsky, Ridha Soua, Andrea Baiocchi, Thomas Engel
Pages 102-109
Publication date 01.10.2019
Project title ---
Citation Rinaldi, Giulia; Adamsky, Florian; Soua, Ridha; Baiocchi, Andrea; Engel, Thomas (2019): Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection. 10th International Conference on Networks of the Future (NoF), pp. 102-109. DOI: 10.1109/NoF47743.2019.9014929