Rinaldi, Giulia in 10th International Conference on Networks of the Future (NoF) (2019, October 04)

The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Defined Network (SDN) then comes into play and can provide the required flexibility and scalability. Building on that, we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background traffic. The obtained metrics can also be used to locate the anomalies with precision over 90% inside a hierarchical network topology.