Cyber-Physical Architecture for Automated Responses (CyPhAAR) Using SDN in Adversarial OT Environments

The ability to react to a malicious attack starts with high-fidelity recognition, followed by an agile response to the attack. Current Operational Technology (OT) systems for critical infrastructure include an intrusion detection system (IDS), but adapting to an intrusion remains a human-initiated response. Orchestrators, which are coming of age in the financial sector and allow for levels of automated response, are not prevalent in the OT space. To evolve toward such responses in the OT space, a tradeoff analysis is first needed. This tradeoff analysis should weigh the mitigation benefits of a response against the physical effects that result, thereby providing an informed and automated response decision. This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR).
