Sage Journals: Discover world-class research

Abstract

Without an iota of doubt, security, safety, and privacy are the most critical aspects of any Industrial Internet of Things (IIoT) environment. Among the existing intrusion detection methods, knowledge-based methods discover only the recognized attacks, the behavior-based methods suffer from high false positives, and specification-based methods demand the complete knowledge about the elements present in the IIoT environment. Examining the heterogeneous data from different and distributed sensors and sending the correct commands to actuators are vital to the increasingly industrialized economy. This work proposes an Intrusion Detection System (IDS) for the IIoT environment that combines both the anomaly and specification-based approaches. The resulting system overcomes the limitations of the contemporary techniques by detecting unidentified attacks. All kinds of data emanating from any IIoT setup comprising sensors and actuators are logged, and specification rules are constructed from it. Any violations of the created rules are treated as attacks. The validation is carried out through simulation using the Mininet tool with the dataset obtained from the real-world water treatment facility at the Singapore University of Technology and Design (SUTD). The results show only 3.2% of false positives with the detection rate of 96.4%.

Keywords

Industrial internet of things software defined networking intrusion detection specification

Get full access to this article

View all access options for this article.

References

Stouffer

, Pillitteri

, Lightman

, Abrams

and Hahn

, Guide to Industrial Control Systems (ICS) Security, NIST Special Publication 800-82 (2015).

Framework for Cyber-Physical Systems: Volume 2, Working Group Reports2 (2017).

Cherdantseva

, et al., A review of cyber security risk assessment methods for SCADA systems, Computers & Security56 (2015), 1–27.

Mitchell

and Chen

I.R.

, A survey of intrusion detection techniques for cyber-physical systems, ACM Computing Surveys (CSUR)46(4) (2014), 1–29.

Kreutz

, et al., Software-defined networking: A comprehensive survey, Proceedings of the IEEE103(1) (2015), 17–76.

Scott-Hayward

, Natarajan

and Sezer

, A survey of security in software defined networks, IEEE Communications Surveys and Tutorials18(1) (2016), 623–654.

Surendar

, Balakrishnan

and Umamakeswari

, Framework for anomaly detection in industrial internet of things driven by software defined networking, 115(6) (2017), 409–412.

Goh

, Adepu

, Junejo

K.N.

and Mathur

, A dataset to support research in the design of secure water treatment systems, Proceedings of the 11th International Conference on Critical Information Infrastructures Security (2016).

Mitchell

and Chen

I.R.

, Behavior-rule based intrusion detection systems for safety critical smart grid applications, IEEE Transactions on Smart Grid4(3) (2013), 1254–1263.

10.

Mitchell

and Chen

I.R.

, Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications, IEEE Transactions on Systems, Man, and Cybernetics: Systems44(5) (2014), 593–604.

11.

Mitchell

and Chen

I.R.

, Behavior rule specification-based intrusion detection for safety critical medical cyber physical systems, IEEE Transactions on Dependable and Secure Computing12(1) (2015), 16–30.

12.

Ntalampiras

, Detection of integrity attacks in cyber-physical critical infrastructures using ensemble modeling, IEEE Transactions on Industrial Informatics11(1) (2015), 104–111.

13.

Ntalampiras

, Automatic identification of integrity attacks in cyber-physical systems, Expert Systems with Applications58 (no. April 2014) (2016), 164–173.

14.

Almalawi

, Fahad

, Tari

, Alamri

, Alghamdi

and Zomaya

A.Y.

, An efficient data-driven clustering technique to detect attacks in SCADA systems, IEEE Transactions on Information Forensics and Security11(5) (2016), 893–906.

15.

Yang

, et al., Multiattribute SCADA-specific intrusion detection system for power networks, IEEE Transactions on Power Delivery29(3) (2014), 1092–1102.

16.

Kang

, Kim

, Na

and Jhang

, Whitelists based multiple filtering techniques in SCADA sensor networks, Journal of Applied Mathematics (2014), 1–7.

17.

, Xie

, Deng

and Wang

, False sequential logic attack on SCADA system and its physical impact analysis, Computers and Security58 (2016), 149–159.

18.

Adepu

and Mathur

, An investigation into the response of a water treatment system to cyber attacks, Proceedings of the 17th IEEE International Symposium on High Assurance Systems Engineering (HASE) (2016), 141–148.

19.

Yoon

, Park

, Lee

, Kang

, Shin

and Zhang

, Enabling security functions with SDN: A feasibility study, Computer Networks85 (2015), 19–35.

20.

Cho

C.H.

, Lee

J.B.

, Do Kim

and Ryoo

J.D.

, A Sophisticated Packet Forwarding Scheme with Deep Packet Inspection in an OpenFlow Switch, Proceedings of the 1st International Conference on Software Networking (ICSN) (2016).

21.

Vladutu

, Comaneci

and Dobre

, Internet traffic classification based on flows’ statistical properties with machine learning, International Journal of Network Management (2016), 17–31.

22.

Edmonds

, Kim

, Sun-il, MacIntyre, Karuppanchetty

and Nwanze

, Efficient tuning methodologies for a network payload anomaly inspection scheme, Proceedings of the 13th IEEE Annual Consumer Communications and Networking Conference (CCNC) (2016), 752–758.

23.

Trabelsi

, Zeidan

and Masud

M.M.

, Network packet filtering and deep packet inspection hybrid mechanism for IDS early packet matching, Proceedings of the 30th International Conference on Advanced Information Networking and Applications, (AINA) (2016), 808–815.

Data driven intrusion detection system for software defined networking enabled industrial internet of things

Abstract

Keywords

Get full access to this article

References