Industrial Network Protection by SDN-Based IPS with AI

  • Filip HolikEmail author
  • Petr Dolezel
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1178)


This paper analyses requirements of industrial networks in relation to usability of the software-defined networking concept. This modern approach to centralized software management of data networks can bring many advantages, especially in security area, into industrial networks. These networks, originally based on proprietary protocols, are nowadays being transformed into standard IP-based networks. This transition promises significant cost saving and operation simplification, but it makes industrial networks more vulnerable to modern security threats. These threats are now using automation and distributed resources to increase the number of successful security incidents.

The paper defines requirements for a software-defined network-based protection system to mitigate these threats. Based on these requirements, the system is designed and implemented. To cope with complex security threats, the system implements a functionality of artificial intelligence, which can autonomously perform various filtering operations. The system is evaluated with a positive result as the artificial intelligence achieves a success rate of over 99%.


AI Industrial networks IPS Neural networks SDN 


  1. 1.
    IEC 61850–5: Communication networks and systems in substation, Geneva, Switzerland (2003).
  2. 2.
    Alsmadi, I.M., AlEroud, A.: SDN-based real-time IDS/IPS alerting system. In: Alsmadi, I.M., Karabatis, G., AlEroud, A. (eds.) Information Fusion for Cyber-Security Analytics. SCI, vol. 691, pp. 297–306. Springer, Cham (2017). CrossRefGoogle Scholar
  3. 3.
    Bakhareva, N., Polezhaev, P., Ushakov, Y., Shukhman, A.: SDN-based firewall implementation for large corporate networks (2019).
  4. 4.
    Cheng, Q., Wu, C., Zhou, H., Zhang, Y., Wang, R., Ruan, W.: Guarding the perimeter of cloud-based enterprise networks: an intelligent SDN firewall. In: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), pp. 897–902, June 2018.
  5. 5.
    Fiessler, A., Lorenz, C., Hager, S., Scheuermann, B.: Fireflow - high performance hybrid SDN-firewalls with OpenFlow, October 2018, pp. 267–270 (2019).
  6. 6.
    Fortinet: Threat landscape report Q2 2018 (2018).
  7. 7.
    Holik, F.: Meeting smart city latency demands with SDN. In: Huk, M., Maleszka, M., Szczerbicki, E. (eds.) ACIIDS 2019. SCI, vol. 830, pp. 43–54. Springer, Cham (2020). Scholar
  8. 8.
    IBM Security and Ponemon Institute: 2018 cost of a data breach study. Technical report (2018)Google Scholar
  9. 9.
    Knapp, E.D., Langill, J.T.: Chapter 2 - About industrial networks. In: Knapp, E.D., Langill, J.T. (eds.) Industrial Network Security, pp. 9–40, 2nd edn. Syngress, Boston (2015). Scholar
  10. 10.
    Li, H., Wei, F., Hu, H.: Enabling dynamic network access control with anomaly-based IDS and SDN, pp. 13–16 (2019).
  11. 11.
    Lin, K.-S.: A pattern recognition based FMEA for safety-critical SCADA systems. In: Nguyen, N.T., Gaol, F.L., Hong, T.-P., Trawiński, B. (eds.) ACIIDS 2019. LNCS (LNAI), vol. 11432, pp. 26–39. Springer, Cham (2019). Scholar
  12. 12.
    Lueth, K.L.: State of the IoT 2018: number of IoT devices now at 7B - market accelerating.
  13. 13.
    Mahamat Charfadine, S., Flauzac, O., Nolot, F., Rabat, C., Gonzalez, C.: Secure exchanges activity in function of event detection with the SDN. In: Mendy, G., Ouya, S., Dioum, I., Thiaré, O. (eds.) AFRICOMM 2018. LNICST, vol. 275, pp. 315–324. Springer, Cham (2019). Scholar
  14. 14.
    Neu, C.V., Tatsch, C.G., Lunardi, R.C., Michelin, R.A., Orozco, A.M.S., Zorzo, A.F.: Lightweight IPS for port scan in OpenFlow SDN networks. In: NOMS 2018–2018 IEEE/IFIP Network Operations and Management Symposium, pp. 1–6, April 2018).
  15. 15.
    Nguyen, D.T., Le, M.T.: A new method for establishing and managing group key against network attacks. In: Nguyen, N.T., Hoang, D.H., Hong, T.-P., Pham, H., Trawiński, B. (eds.) ACIIDS 2018. LNCS (LNAI), vol. 10752, pp. 287–296. Springer, Cham (2018). Scholar
  16. 16.
    Stouffer, K.A., Falco, J.A., Scarfone, K.A.: Sp 800–82. guide to industrial control systems (ICS) security: Supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as programmable logic controllers (PLC). Technical report, Gaithersburg, MD, United States (2011)Google Scholar
  17. 17.
  18. 18.
    Xing, T., Xiong, Z., Huang, D., Medhi, D.: SDNIPS: Enabling software-defined networking based intrusion prevention system in clouds. In: 10th International Conference on Network and Service Management (CNSM) and Workshop, pp. 308–311, November 2014Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Faculty of Electrical Engineering and InformaticsUniversity of PardubicePardubiceCzech Republic

Personalised recommendations