Skip to main content
SpringerLink
Log in

Using Programmable Data Networks to Detect Critical Infrastructure Challenges

  • Conference paper
  • First Online:
Critical Information Infrastructures Security (CRITIS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8985))

Abstract

Critical infrastructures must be better protected against challenges to their data communications in the face of increasing numbers of emerging challenges, complexity and society’s demand and intolerance of failures. In this paper, we present a set of challenges and their characteristics by reviewing reported incidents. Using domain specific attributes we discuss how these could be mitigated. We advocate the adoption of the latest programmable networking approaches in critical infrastructure networks and we present our proposed modular architecture with configurable monitoring and security components. Lastly, we show results from a network challenge simulation which highlights the benefits of our approach in providing rapid, precise and effective challenge detection and mitigation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Dewaele, G., Fukuda, K., Borgnat, P., Abry, P., Cho, K.: Extracting hidden anomalies using sketch and non gaussian multiresolution statistical detection procedures. In: Workshop on Large Scale Attack Defense, pp. 145–152. ACM (2007)

    Google Scholar 

  2. Eurocontrol website: Rome Fiumicino Airport becomes the 10th A-CDM airport. https://www.eurocontrol.int/news/rome-fiumicino-cdm-implementation-gears-critical-mass-full-benefits. Accessed 27 April 2014

  3. FAA FTI Review Panel: Report on November 19, 2009 Outage (2010)

    Google Scholar 

  4. Flavel, A., Roughan, M., Bean, N., Shaikh, A.: Where’s Waldo? practical searches for stability in iBGP. In: ICNP, pp. 308–317. IEEE (2008)

    Google Scholar 

  5. IAA: Report of the IAA into the ATM System Malfunction, September 2008

    Google Scholar 

  6. Khurshid, A., Zhou, W., Caesar, M., Godfrey, P.: Veriflow : verifying network-wide invariants in real time. In: SIGCOMM, pp. 467–472. ACM (2012)

    Google Scholar 

  7. Kuniar, M., Pereni, P., Vasi, N., Canini, M., Kosti, D. Automatic failure recovery for software-defined networks. In: HotSDN, pp. 159–160. ACM (2013)

    Google Scholar 

  8. Los Angeles Times: LAX outage is blamed on 1 computer, August 2007

    Google Scholar 

  9. Mehdi, S.A., Khalid, J., Khayam, S.A.: Revisiting traffic anomaly detection using software defined networking. In: Balzarotti, D., Maier, G., Sommer, R. (eds.) RAID 2011. LNCS, vol. 6961, pp. 161–180. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  10. Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. In: SIGCOMM, pp. 39–53. ACM (2004)

    Google Scholar 

  11. Open Networking Foundation: SDN: The New Norm for Networks, April 2012

    Google Scholar 

  12. Press of Atlantic City: Fire at Hughes Technical Center caused \(\$2.2\)M in damage. http://www.highbeam.com/doc/1P3-2726195211.html. Accessed 27 April 2014

  13. Rinaldi, S.M., Peerenboom, J.P., Kelly, T.K.: Identifying, understanding, and analyzing critical infrastructure interdependencies. In: IEEE Control Systems (2001)

    Google Scholar 

  14. Shalimov, A., Zuikov, D., Zimarina, D., Pashkov, V., Smeliansky, R.: Advanced study of SDN/OpenFlow controllers. In: CEE-SECR, p. 1. ACM (2013)

    Google Scholar 

  15. Sherwood, R., Gibb, G., Yap, K., Appenzeller, G., Casado, M., McKeown, N., Parulkar, G.: Flowvisor: a network virtualization layer. In: OpenFlowSwitch (2009)

    Google Scholar 

  16. Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G.: Fresco: modular composable security services for software-defined networks. In: Internet Society NDSS (2013)

    Google Scholar 

  17. Shirali-Shahreza, S., Ganjali, Y.: FleXam: flexible sampling extension for monitoring and security applications in openflow. In: HotSDN, pp. 167–168. ACM (2013)

    Google Scholar 

  18. White, K.J.S., Pezaros, D.P., Johnson, C.W.: Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis: In: ATACCS (2012)

    Google Scholar 

  19. White, K.J.S., Pezaros, D.P., Johnson, C.W.: Principles for increased resilience in critical networked infrastructures. In: Publication Pending, ICRAT (2014)

    Google Scholar 

  20. Zhang, Y.: An adaptive flow counting method for anomaly detection in SDN. In: Emerging Networking Experiments and Technologies, pp. 25–30. ACM (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing Science, University of Glasgow, Glasgow, G12 8QQ, Scotland, UK

    Kyle J. S. White, Dimitrios P. Pezaros & Chris W. Johnson

Authors
  1. Kyle J. S. White
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dimitrios P. Pezaros
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chris W. Johnson
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kyle J. S. White .

Editor information

Editors and Affiliations

  1. University of Cyprus , Nicosia, Cyprus

    Christos G. Panayiotou

  2. University of Cyprus , Nicosia, Cyprus

    Georgios Ellinas

  3. University of Cyprus , Nicosia, Cyprus

    Elias Kyriakides

  4. University of Cyprus , Nicosia, Cyprus

    Marios M. Polycarpou

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

White, K.J.S., Pezaros, D.P., Johnson, C.W. (2016). Using Programmable Data Networks to Detect Critical Infrastructure Challenges. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-31664-2_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31663-5

  • Online ISBN: 978-3-319-31664-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation