Implementation of deep packet inspection in smart grids and industrial Internet of Things: Challenges and opportunities

Abstract Upgrading a power grid to a smart grid is a challenging task. Power grids were originally built around unidirectional communication, so the migration requires architectural and cybersecurity upgrades to accommodate devices that communicate bidirectionally. These devices enable many new smart grid capabilities, but they also open numerous avenues for cyber attacks. To protect the smart grid from cyber threats, industry and academia need to explore and implement practical cybersecurity models together, for example by collaboratively designing and developing smart grid testbeds that support research. In this paper, we survey the literature on infrastructure and communications for the energy sector and smart grids. Specifically, we study existing recommendations and models from government agencies (e.g. NIST and DOE) and academia, and evaluate deep packet inspection (DPI) approaches as a security tool for smart grids. We also propose a conceptual SDN-based security monitoring framework that combines Network Behavior Analysis (NBA), deep learning models, and DPI-based attack corroboration, as well as a conceptual forensic-driven security monitoring framework in which digital forensics and investigation capabilities are integrated to inform security monitoring.
