Abstract

Industrial control systems (ICSs) are facing increasingly severe security threats. Zone isolation, a commonly adopted idea for stopping attack propagation in general information systems, has been investigated for ICS security protection. It is usually implemented through perimeter security techniques. However, anomalous states of the physical processes in a compromised field zone may spread into other zones through inter-zone information interaction. Because the physical processes in different zones are coupled, it is difficult to prevent the propagation of attack impact in ICSs. In this paper, a software-defined security (SDSec) approach is presented to address this problem. It consists of a hybrid anomaly detection module and a multi-level security response module, which work together to secure the ICS field zones. The hybrid anomaly detection module inspects anomalous behaviors from the perspectives of network communications and physical process states. The multi-level security response module helps block unapproved packets from being communicated, thus isolating any compromised zone. It also generates attack mitigation strategies to secure physical processes. Hardware-in-the-loop simulations are conducted to demonstrate the effectiveness of the presented approach.

Highlights

  • Industrial control systems (ICSs) are facing increasingly severe security threats from cyber-attacks

  • In summary, our experiments have demonstrated that: 1) different types of attacks on both networks and physical processes can be detected by our hybrid anomaly detection with low time consumption and high accuracy; and 2) our response strategy for security protection performs well in regulating the network communications and the physical process of the ICS in the presence of cyber-attacks

  • A software-defined security (SDSec)-based approach has been presented in this paper for the field zones of ICSs


Summary

INTRODUCTION

Industrial control systems (ICSs) are facing increasingly severe security threats from cyber-attacks. Our work in this paper makes the following contributions: 1) Considering both inter-zone communications and intra-zone physical processes, a systematic security solution including anomaly detection and security response is presented for securing the ICS field zones. It is implemented by an SDSec-based protection framework, which enables a bypassed deployment to reduce the need for redesigning or configuring the control laws in the local field zones, as well as for modifying the legacy network architecture; 2) A hybrid anomaly detection mechanism that integrates multiple improved detection techniques is proposed to overcome the insufficient comprehensiveness of a single detection method.

VOLUME 7, 2019

AND RELATED WORK
ANOMALY DETECTION BETWEEN FIELD ZONES
E-DFA ANOMALY DETECTION
ZONE SECURITY RESPONSE
EXPERIMENTAL STUDIES
EXPERIMENTAL DESIGN
Findings
CONCLUSION