Comparative analysis of the standalone and Hybrid SDN solutions for early detection of network channel attacks in Industrial Control Systems: A WWTP case study
Authors: Valentine Machaka, Santiago Figueroa-Lorenzo, Saioa Arrizabalaga, Josune Hernantes
Journal: Internet of Things (Impact Factor 6.0; JCR Q1, Computer Science, Information Systems)
Publication date: 2024-10-28
Publication type: Journal Article
DOI: 10.1016/j.iot.2024.101413
URL: https://www.sciencedirect.com/science/article/pii/S2542660524003548
Citations: 0
Abstract
Industrial Control Systems (ICS) are critical to operating various critical infrastructures (CIs). However, ICS communication channels connecting sensors, actuators, and local and supervisory controllers are vulnerable to network attacks compromising the system’s availability and integrity. This study proposes and compares Standalone and Hybrid Software Defined Networking (SDN) solutions to mitigate (Detect and Respond) network channel attacks in ICS environments. The methodology utilised applies a testbed designed in GNS3 following the IEC 62264 Industrial Automation Pyramid. It incorporates ICS components such as PLCs and SCADA and a Simulink-based digital twin system for a wastewater treatment plant. This research establishes a proof of concept involving detection and response to network channel attacks evaluated through packet thresholds, packet analysis, and cryptographic hashing techniques in SDN. The MITRE ATT&CK framework is implemented to provide insight into the system’s vulnerabilities through adversary emulation. The research findings reveal that both SDN solutions effectively enhance ICS network security; the Standalone SDN solution is more suitable for time-sensitive networks, while the Hybrid SDN solution better serves non-time-sensitive industrial environments. While the Standalone SDN solution offers a 75% efficiency improvement, its status as a nascent technology introduces unresolved vulnerabilities and limited testing, favouring the Hybrid SDN solution, which provides robust security and reliability due to the integration with the Snort IDS. Thus, selecting the appropriate solution requires carefully considering the trade-offs between enhanced performance and established security. In conclusion, this study underscores the potential of SDN solutions in strengthening ICS security and suggests areas for future research.
About the journal:
Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT.
The journal will place a high priority on timely publication, and provide a home for high quality.
Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.