Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness
Abstract
The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.
- Authors:
- Vollmer, Todd; Manic, Milos; Linda, Ondrej
- Idaho National Lab. (INL), Idaho Falls, ID (United States)
- Univ. of Idaho, Idaho Falls, ID (United States)
- Expedia Incorporated, Bellevue, WA (United States)
- Publication Date:
- Sat Jun 01 00:00:00 EDT 2013
- Research Org.:
- Idaho National Lab. (INL), Idaho Falls, ID (United States)
- Sponsoring Org.:
- USDOE Office of Electricity (OE)
- OSTI Identifier:
- 1116753
- Report Number(s):
- INL/JOU-12-25687; Journal ID: ISSN 1551-3203
- Grant/Contract Number:
- AC07-05ID14517
- Resource Type:
- Accepted Manuscript
- Journal Name:
- IEEE Transactions on Industrial Informatics
- Additional Journal Information:
- Journal Volume: 10; Journal Issue: 2; Journal ID: ISSN 1551-3203
- Publisher:
- IEEE
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING; Autonomic Computing; control systems; industrial ecosystems; network security; service oriented architecture
Citation Formats
Vollmer, Todd, Manic, Milos, and Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness. United States: N. p., 2013. Web. doi:10.1109/TII.2013.2270373.
Vollmer, Todd, Manic, Milos, & Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness. United States. https://doi.org/10.1109/TII.2013.2270373
Vollmer, Todd, Manic, Milos, and Linda, Ondrej. 2013. "Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness". United States. https://doi.org/10.1109/TII.2013.2270373. https://www.osti.gov/servlets/purl/1116753.
@article{osti_1116753,
title = {Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness},
author = {Vollmer, Todd and Manic, Milos and Linda, Ondrej},
abstractNote = {The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.},
doi = {10.1109/TII.2013.2270373},
journal = {IEEE Transactions on Industrial Informatics},
number = 2,
volume = 10,
place = {United States},
year = {2013},
month = {6}
}
Works referencing / citing this record:
Security Attacks in Wireless Sensor Networks: A Survey
book, January 2018
- Dewal, Prachi; Narula, Gagandeep Singh; Jain, Vishal
- Advances in Intelligent Systems and Computing