Abstract
Critical infrastructures must be better protected against challenges to their data communications, given the increasing number of emerging challenges, growing complexity, and society's demands and intolerance of failures. In this paper, we present a set of challenges and their characteristics by reviewing reported incidents. Using domain-specific attributes, we discuss how these could be mitigated. We advocate the adoption of the latest programmable networking approaches in critical infrastructure networks, and we present our proposed modular architecture with configurable monitoring and security components. Lastly, we show results from a network challenge simulation, which highlight the benefits of our approach in providing rapid, precise and effective challenge detection and mitigation.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
White, K.J.S., Pezaros, D.P., Johnson, C.W. (2016). Using Programmable Data Networks to Detect Critical Infrastructure Challenges. In: Panayiotou, C., Ellinas, G., Kyriakides, E., Polycarpou, M. (eds) Critical Information Infrastructures Security. CRITIS 2014. Lecture Notes in Computer Science(), vol 8985. Springer, Cham. https://doi.org/10.1007/978-3-319-31664-2_22
DOI: https://doi.org/10.1007/978-3-319-31664-2_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31663-5
Online ISBN: 978-3-319-31664-2
eBook Packages: Computer Science, Computer Science (R0)