Software Defined Networking Opportunities for Intelligent Security Enhancement of Industrial Control Systems

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 649)


In the last years, cyber security of Industrial Control Systems (ICSs) has become an important issue due to the discovery of sophisticated malware that by attacking Critical Infrastructures, could cause catastrophic safety results. Researches have been developing countermeasures to enhance cyber security for pre-Internet era systems, which are extremely vulnerable to threats. This paper presents the potential opportunities that Software Defined Networking (SDN) provides for the security enhancement of Industrial Control Networks. SDN permits a high level of configuration of a network by the separation of control and data planes. In this work, we describe the affinities between SDN and ICSs and we discuss about implementation strategies.


Software defined networking Industrial control systems Security Anomaly detection 



This work has been developed by the intelligent systems for industrial systems group supported by the Department of Education, Language policy and Culture of the Basque Government. It has been partially funded by the European Union’s Horizon 2020 research and innovation programme’s project MC-SUITE under grant agreement No 680478.


  1. 1.
    Krotofil, M., Gollmann, D.: Industrial control systems security: what is happening? In: 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 670–675. IEEE (2013)Google Scholar
  2. 2.
    Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In: IECON 2011–37th Annual Conference on IEEE Industrial Electronics Society, pp. 4490–4494. IEEE (2011)Google Scholar
  3. 3.
    Global Energy Cyberattacks: Night dragon. McAfee Foundstone Professional Services and McAfee Labs (2011)Google Scholar
  4. 4.
    Bencsáth, B., Pék, G., Buttyán, L., Félegyházi, M.: Duqu: Analysis, detection, and lessons learned. In: ACM European Workshop on System Security (EuroSec), vol. 2012 (2012)Google Scholar
  5. 5.
    Munro, K.: Deconstructing flame: the limitations of traditional defences. Compu. Fraud Secur. 2012(10), 8–11 (2012)CrossRefGoogle Scholar
  6. 6.
    Bencsáth, B., Pék, G., Buttyán, L., Felegyhazi, M.: The cousins of stuxnet: duqu, flame, and gauss. Future Internet 4(4), 971–1003 (2012)CrossRefGoogle Scholar
  7. 7.
    Nelson, N.: The impact of dragonfly malware on industrial control systems. SANS Institute (2016)Google Scholar
  8. 8.
    Graham, J., Hieb, J., Naber, J.: Improving cybersecurity for industrial control systems. In: 2016 IEEE 25th International Symposium on Industrial Electronics (ISIE), pp. 618–623. IEEE (2016)Google Scholar
  9. 9.
    Mendiola, A., Astorga, J., Jacob, E., Higuero, M.: A survey on the contributions of software-defined networking to traffic engineering. IEEE Commun. Surv. Tutorials (2016)Google Scholar
  10. 10.
    Moteff, J., Copeland, C., Fischer, J.: Critical infrastructures: what makes an infrastructure critical? DTIC Document (2003)Google Scholar
  11. 11.
    Ten, C.-W., Manimaran, G., Liu, C.-C.: Cybersecurity for critical infrastructures: attack and defense modeling. IEEE Trans. Syst. Man Cybern.-Part A Syst. Hum. 40(4), 853–865 (2010)CrossRefGoogle Scholar
  12. 12.
    Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. NIST Spec. Publ. 800(82), 16–16 (2011)Google Scholar
  13. 13.
    Galloway, B., Hancke, G.P.: Introduction to industrial control networks. IEEE Commun. Surv. Tutorials 15(2), 860–880 (2013)CrossRefGoogle Scholar
  14. 14.
    Eden, P., Blyth, A., Burnap, P., Cherdantseva, Y., Jones, K., Soulsby, H., Stoddart, K.: A cyber forensic taxonomy for SCADA systems in critical infrastructure. In: International Conference on Critical Information Infrastructures Security. Springer, pp. 27–39 (2015)Google Scholar
  15. 15.
    Cheminod, M., Durante, L., Valenzano, A.: Review of security issues in industrial networks. IEEE Trans. Industr. Inf. 9(1), 277–293 (2013)CrossRefGoogle Scholar
  16. 16.
    Kobara, K.: Cyber physical security for industrial control systems and IoT. IEICE Trans. Inf. Syst. 99(4), 787–795 (2016)CrossRefGoogle Scholar
  17. 17.
    Dabbagh, M., Hamdaoui, B., Guizani, M., Rayes, A.: Software-defined networking security: pros and cons. IEEE Commun. Mag. 53(6), 73–79 (2015)CrossRefGoogle Scholar
  18. 18.
    Mousa, M., Bahaa-Eldin, A.M., Sobh, M.: Software defined networking concepts and challenges. In: 2016 11th International Conference on Computer Engineering & Systems (ICCES), pp. 79–90. IEEE (2016)Google Scholar
  19. 19.
    Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., Maglaris, V.: Combining openflow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62, 122–136 (2014)CrossRefGoogle Scholar
  20. 20.
    Chung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D.: Nice: network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans. Dependable Secure Comput. 10(4), 198–211 (2013)CrossRefGoogle Scholar
  21. 21.
    Hu, H., Han, W., Ahn, G.-J., Zhao, Z.: FLOWGUARD: building robust firewalls for software-defined networks. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 97–102. ACM (2014)Google Scholar
  22. 22.
    Molina, E., Jacob, E., Matias, J., Moreira, N., Astarloa, A.: Using software defined networking to manage and control IEC 61850-based systems. Comput. Electr. Eng. 43, 142–154 (2015)CrossRefGoogle Scholar
  23. 23.
    Dong, X., Lin, H., Tan, R., Iyer, R.K., Kalbarczyk, Z.: Software-defined networking for smart grid resilience: opportunities and challenges. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, pp. 61–68. ACM (2015)Google Scholar
  24. 24.
    Jyothsna, V., Prasad, V.R., Prasad, K.M.: A review of anomaly based intrusion detection systems. Int. J. Comput. Appl. 28(7), 26–35 (2011)Google Scholar
  25. 25.
    Kleinman, A., Wool, A.: Accurate modeling of the siemens S7 scada protocol for intrusion detection and digital forensics. J. Digital Forensics Secur. Law JDFSL 9(2), 37 (2014)Google Scholar
  26. 26.
    Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the second ACM SIGCOMM workshop on Hot Topics in Software Defined Networking, pp. 55–60. ACM (2013)Google Scholar
  27. 27.
    McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: Openflow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)CrossRefGoogle Scholar
  28. 28.
    Doria, A., Salim, J.H., Haas, R., Khosravi, H., Wang, W., Dong, L., Gopal, R., Halpern, J.: Forwarding and control element separation (ForCES) protocol specification. Technical report (2010)Google Scholar
  29. 29.
    Hares, S., White, R.: Software-defined networks and the interface to the routing system (I2RS). IEEE Internet Comput. 17(4), 84–88 (2013)CrossRefGoogle Scholar
  30. 30.
    Gredler, H., Medved, J., Previdi, S., Farrel, A., Ray, S.: North-bound distribution of link-state and traffic engineering (TE) information using BGP. Technical report (2016)Google Scholar
  31. 31.
    Alimi, R., Yang, Y., Penno, R.: Application-layer traffic optimization (ALTO) protocol (2014)Google Scholar
  32. 32.
    Pfaff, B., Davie, B.: The open vSwitch database management protocol (2013)Google Scholar
  33. 33.
    Narisetty, R., Dane, L., Malishevskiy, A., Gurkan, D., Bailey, S., Narayan, S., Mysore, S.: Openflow configuration protocol: implementation for the of management plane. In: 2013 Second GENI Research and Educational Experiment Workshop (GREE), pp. 66–67. IEEE (2013)Google Scholar
  34. 34.
    Enns, R.: NETCONF configuration protocol (2006)Google Scholar
  35. 35.
    Antonioli, D., Tippenhauer, N.O.: MiniCPS: a toolkit for security research on CPS networks. In: Proceedings of the First ACM Workshop on Cyber-Physical Systems-Security and/or PrivaCy, pp. 91–100. ACM (2015)Google Scholar
  36. 36.
    M. Team: Mininet: An instant virtual network on your laptop (or other PC) (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Electronics and Computing DepartmentMondragon UniversityArrasate-MondragónSpain

Personalised recommendations