skip to main content
DOE PAGES title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness

Abstract

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally themore » anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.« less

Authors:
 [1];  [2];  [3]
  1. Idaho National Lab. (INL), Idaho Falls, ID (United States)
  2. Univ. of Idaho, Idaho Falls, ID (United States)
  3. Expedia Incorporated, Bellevue, WA (United States)
Publication Date:
Research Org.:
Idaho National Lab. (INL), Idaho Falls, ID (United States)
Sponsoring Org.:
USDOE Office of Electricity Delivery and Energy Reliability (OE)
OSTI Identifier:
1116753
Report Number(s):
INL/JOU-12-25687
Journal ID: ISSN 1551-3203
Grant/Contract Number:  
AC07-05ID14517
Resource Type:
Accepted Manuscript
Journal Name:
IEEE Transactions on Industrial Informatics
Additional Journal Information:
Journal Volume: 10; Journal Issue: 2; Journal ID: ISSN 1551-3203
Publisher:
IEEE
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING; Autonomic Computing; control systems; industrial ecosystems; network security; service oriented architecture

Citation Formats

Vollmer, Todd, Manic, Milos, and Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness. United States: N. p., 2013. Web. doi:10.1109/TII.2013.2270373.
Vollmer, Todd, Manic, Milos, & Linda, Ondrej. Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness. United States. doi:10.1109/TII.2013.2270373.
Vollmer, Todd, Manic, Milos, and Linda, Ondrej. Sat . "Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness". United States. doi:10.1109/TII.2013.2270373. https://www.osti.gov/servlets/purl/1116753.
@article{osti_1116753,
title = {Autonomic Intelligent Cyber Sensor to Support Industrial Control Network Awareness},
author = {Vollmer, Todd and Manic, Milos and Linda, Ondrej},
abstractNote = {The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of Autonomic computing and a SOAP based IF-MAP external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, self-managed framework. The contribution of this paper is two-fold: 1) A flexible two level communication layer based on Autonomic computing and Service Oriented Architecture is detailed and 2) Three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific Operating System and port configurations. Additionally the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.},
doi = {10.1109/TII.2013.2270373},
journal = {IEEE Transactions on Industrial Informatics},
number = 2,
volume = 10,
place = {United States},
year = {2013},
month = {6}
}

Journal Article:
Free Publicly Available Full Text
Publisher's Version of Record

Citation Metrics:
Cited by: 10 works
Citation information provided by
Web of Science

Save / Share: