Modeling Cost of Countermeasures in Software Defined Networking-enabled Energy Delivery Systems

Abstract

Software defined networking (SDN) is a networking paradigm to provide automated network management at run time through network orchestration and virtualization. SDN is primarily used for quality of service (QoS) and automated response to network failures. In the context of Energy Delivery System (EDS), SDN can also enhance system resilience through recovery from failures and maintaining critical operations during cyber attacks. Researchers have proposed SDN based architectures for autonomous attack containment, which dynamically modifies access control rules based on configurable trust levels. One of the challenges with such architectures is the lack of a cost model to select the countermeasure which balances the trade-off between security risk and network QoS. Prior to choosing a particular countermeasure which either quarantines the attack or mitigates the impact, it is also critical to assess the impact on the ability of the operator to conduct normal operations. In this paper, we present an approach to aid in selection of security countermeasures dynamically in an SDN enabled EDS and achieving tradeoff between providing security and QoS. We present the modeling of security cost based on end-to-end packet delay and throughput. We propose a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at $O(MN^{2})$. The $M$ is the number of objective functions and $N$ is the number of population for each generation respectively. We present simulation results which illustrate how data availability and data integrity can be achieved while maintaining QoS constraints.