Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

Vollmer, Todd; Manic, Milos; Linda, Ondrej

doi:10.1109/TII.2013.2270373

Title: Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

Abstract

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally themore »« less

Authors:

Vollmer, Todd ^[1]; Manic, Milos ^[2]; Linda, Ondrej ^[3]

Idaho National Lab. (INL), Idaho Falls, ID (United States)
Univ. of Idaho, Idaho Falls, ID (United States)
Expedia Incorporated, Bellevue, WA (United States)

Publication Date:: Sat Jun 01 00:00:00 EDT 2013

Research Org.:: Idaho National Lab. (INL), Idaho Falls, ID (United States)

Sponsoring Org.:: USDOE Office of Electricity (OE)

OSTI Identifier:: 1116753

Report Number(s):: INL/JOU-12-25687
Journal ID: ISSN 1551-3203

Grant/Contract Number:: AC07-05ID14517

Resource Type:: Accepted Manuscript

Journal Name:: IEEE Transactions on Industrial Informatics

Additional Journal Information:: Journal Volume: 10; Journal Issue: 2; Journal ID: ISSN 1551-3203

Publisher:: IEEE

Country of Publication:: United States

Language:: English

Subject:: 97 MATHEMATICS AND COMPUTING; Autonomic Computing; control systems; industrial ecosystems; network security; service oriented architecture

Citation Formats


                    Vollmer, Todd, Manic, Milos, and Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness.  United States: N. p., 2013. 
Web.  doi:10.1109/TII.2013.2270373.

Copy to clipboard


                    Vollmer, Todd, Manic, Milos, & Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness.  United States.  https://doi.org/10.1109/TII.2013.2270373

Copy to clipboard


                    Vollmer, Todd, Manic, Milos, and Linda, Ondrej. Sat .  
"Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness".  United States.  https://doi.org/10.1109/TII.2013.2270373.  https://www.osti.gov/servlets/purl/1116753.

Copy to clipboard


                    
@article{osti_1116753,

  title        = {Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness},

  author       = {Vollmer, Todd and Manic, Milos and Linda, Ondrej},

  abstractNote = {The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.},

  doi          = {10.1109/TII.2013.2270373},

  journal      = {IEEE Transactions on Industrial Informatics},

  number       = 2,

  volume       = 10,

  place        = {United States},

  year         = {Sat Jun 01 00:00:00 EDT 2013},

  month        = {Sat Jun 01 00:00:00 EDT 2013}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Accepted Manuscript (DOE)

Publisher's Version of Record

https://doi.org/10.1109/TII.2013.2270373

Other availability

Search WorldCat to find libraries that may hold this journal

Citation Metrics:

Cited by: 18 works

Citation information provided by
Web of Science

Save / Share:

Export Metadata

Save to My Library

Works referencing / citing this record:

Security Attacks in Wireless Sensor Networks: A Survey
book, January 2018

Dewal, Prachi; Narula, Gagandeep Singh; Jain, Vishal
Advances in Intelligent Systems and Computing
DOI: 10.1007/978-981-10-8536-9_6

Similar Records in DOE PAGES and OSTI.GOV collections:

Autonomic Intelligent Cyber Sensor (AICS) Version 1.0.1

Software Vollmer, Denis Todd ; Manic, Milos ; Linda, Ondrej

The Autonomic Intelligent Cyber Sensor (AICS) provides cyber security and industrial network state awareness for Ethernet based control network implementations. The AICS utilizes collaborative mechanisms based on Autonomic Research and a Service Oriented Architecture (SOA) to: 1) identify anomalous network traffic; 2) discover network entity information; 3) deploy deceptive virtual hosts; and 4) implement self-configuring modules. AICS achieves these goals by dynamically reacting to the industrial human-digital ecosystem in which it resides. Information is transported internally and externally on a standards based, flexible two-level communication structure.
Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks

Journal Article Vollmer, Todd ; Manic, Milos - IEEE Transactions on Industrial Informatics

A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, anmore »« less
Cited by 41
https://doi.org/10.1109/TII.2014.2304633

Full Text Available
Attack Surface Analysis of the Digital Twins interface with Advanced Sensor and Instrumentation Interfaces: Cyber Threat Assessment and Attack Demonstration for Digital Twins in Advanced Reactor Architectures - M3CT-23IN1105033

Technical Report Spirito, Christopher M ; Ly, Jeff ; Veretennikov, Michael

A digital twin is a virtual representation of a physical system or object using real-time data that can predict and analyze how the system or object performs. This relatively new technology can be applied to the field of nuclear power generation, to aid in the design and development of new nuclear power plants and reduce operation costs using predictive maintenance and other data analytical methods. While there are already companies utilizing simulation software to train operators and technicians in the nuclear industry, some are now transitioning to utilizing their existing technology, software, and methods to develop digital twin solutions formore »« less
Full Text Available
Electrical Fault Detection, Power Quality, Distributed Energy Resource Use Cases, and Cyber Event Applications with the Cyber Grid Guard System Using Distributed Ledger Technology

Technical Report Piesciorovsky, Emilio ; Hahn, Gary ; Borges Hink, Raymond ; ...

Electrical utilities continue to deploy more intelligent electronic devices (IEDs) inside and outside electrical substation and are associated with distributed energy resources (DERs). The integrity and confidentiality of data from IEDs is crucial, and distributed ledger technology (DLT) could improve the resilience of microgrids by helping to make these data more secure. The most popular applications using blockchain technology for electrical utilities is in the field is based on energy trading. However, the dynamism of the penetration of customer owned DERs and the deployment of sensors with IEDs have led to the identification of new applications using DLT that aremore »« less
https://doi.org/10.2172/1994679

Full Text Available
Enabling a Decentralized Smart Grid Using Autonomous Edge Control Devices

Journal Article Kulkarni, Shreyas ; Gu, Qinchen ; Myers, Eric ; ... - IEEE Internet of Things Journal (Online)

As a large number of distributed devices are connected to the modern smart grid, the traditional centralized connectivity models fail to provide economic value. These models have relied on sending data to the cloud for processing and receiving commands to exert control actions, resulting in an ‘on-demand system’ with high bandwidth, low latency and an overload of data on the cloud. For realizing a decentralized system, there is a strong need to embed intelligence at the ‘edge of the network’. These intelligent devices, capable of sensing, local data processing and exerting control actions, report only actionable information to the cloud,more »« less
https://doi.org/10.1109/jiot.2019.2898837

Full Text Available

Similar Records

Title: Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

Abstract

Citation Formats

Security Attacks in Wireless Sensor Networks: A Survey book, January 2018

Security Attacks in Wireless Sensor Networks: A Survey
book, January 2018