Employing invariants for anomaly detection in software defined networking based industrial internet of things

Abstract

Owing to its integration with cyber, Industrial Internet of Things (IIoT) is susceptible to integrity attacks, thereby inflicting fatal consequences both in industrial and economic domains. Compared to traditional networks, IIoT based on Software Defined Network (SDN) provides various network secur ity enhancements thereby decreasing the effects of the integrity attacks. In an industrial process, anomaly detection with negligible false positives is the ideal intrusion detection mode, where the prerequisite of storing the attack patterns or acquiring the exhaustive knowledge of the devices in IIoT is not required. This research is an extension of our previous work, which employed a hybrid of specification and anomaly detection methods to recognize anomalies of critical components from a water treatment test bed at the Singapore University of Technology and Design (SUTD). The proposed work defines invariants for all the processes of the test bed. Any conflict from the invariants is notified as an intrusion and the compromised device is identified. The validation is done through Mininet tool with the testbed dataset. Out of the 30 successful attacks, this effort discovers 29 attacks with the detection rate of 96.5% and false positive rate of 6.5%.