Deep Reinforcement Learning for Securing Software-Defined Industrial Networks With Distributed Control Plane

The development of software-defined industrial networks (SDIN) promotes the programmability and customizability of industrial networks and is well suited to coping with the challenges brought by new manufacturing modes. To build more scalable and reliable SDIN, a distributed control plane with multicontroller collaboration is a promising option. However, although the distributed control plane is the brain of SDIN, its security is rarely considered. In addition to suffering direct attacks, each controller is also exposed to attacks propagated by other controllers through information sharing or management domain takeover, so attacks spread over a wider range than with a single controller. Therefore, in this article, we study attacks against SDIN with a distributed control plane, demonstrate their propagation across multiple controllers, and analyze their impacts. To the best of our knowledge, we are the first to study the security of SDIN with a distributed control plane. In addition, since existing defense mechanisms are not specifically designed for distributed SDIN and cannot defend it perfectly, we propose an attack mitigation scheme based on deep reinforcement learning to adaptively prevent the spread of attacks. Specifically, the novelty of our scheme lies in its ability to learn from the environment and flexibly adjust the switch takeover decisions to isolate the attack source, so as to tolerate attacks and enhance the resilience of SDIN.
