Reference : Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/40162
Softwarization of SCADA: Lightweight Statistical SDN-Agents for Anomaly Detection
English
Rinaldi, Giulia [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Adamsky, Florian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Soua, Ridha [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Baiocchi, Andrea [University of Roma La Sapienza > the School of Engineering > Professor]
Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
4-Oct-2019
10th International Conference on Networks of the Future (NoF)
Yes
International
10th International Conference on Networks of the Future (NoF)
from 01-10-2019 to 03-10-2019
Rome
Italy
[en] SCADA systems ; Security ; SDN ; Anomaly detection ; Agent/probes
[en] The increasing connectivity of restricted areas such as Critical Infrastructures (CIs) raises major security concerns for Supervisory Control And Data Acquisition (SCADA) systems, which are deployed to monitor their operation. Given the importance of an early anomaly detection, Intrusion Detection Systems (IDSs) are introduced in SCADA systems to detect malicious activities as early as possible. Agents or probes form the cornerstone of any IDS by capturing network packets and extracting relevant information. However, IDSs are facing unprecedented challenges due to the escalation in the number, scale and diversity of attacks. Software-Defined Network (SDN) then comes into play and can provide the required flexibility and scalability. Building on that, we introduce Traffic Agent Controllers (TACs) that monitor SDN-enabled switches via OpenFlow. By using lightweight statistical metrics such as Kullback-Leibler Divergence (KLD), we are able to detect the slightest anomalies, such as stealth port scans, even in the presence of background traffic. The obtained metrics can also be used to locate the anomalies with precision over 90% inside a hierarchical network topology.
Researchers ; Professionals ; Students ; General public
H2020 ; 700581 - ATENA - Advanced Tools to assEss and mitigate the criticality of ICT compoNents and their dependencies over Critical InfrAstructures

File(s) associated to this reference

Fulltext file(s):

File: Softwarization_of_SCADA__Lightweight_Statistical_SDN_Agents_for_Anomaly_Detection (2).pdf
Version: Author preprint
Size: 273.9 kB
Access: Open access


All documents in ORBilu are protected by a user license.