
    A Two-level Intrusion Detection System for Industrial Control System Networks using P4

    5th International Symposium for ICS & SCADA Cyber Security Research 2018 (ICS-CSR 2018)

    29 - 30 August 2018, University of Hamburg, Germany.


    Gorby Kabasele Ndonda & Ramin Sadre



    The increasing number of attacks against Industrial Control Systems (ICS) has shown the vulnerability of these systems. Many ICS network protocols have no security mechanism, and the requirements for high availability and real-time communication make it challenging to apply intrusive security measures. In this paper, we propose a two-level intrusion detection system for ICS networks based on Software Defined Networking (SDN). The first level consists of flow and Modbus whitelists, leveraging P4 for efficient real-time monitoring. The second level is a deep packet inspector communicating with an SDN controller to update the whitelists of the first level. We show by experiments in an emulated environment that our design has only a small impact on communication latencies in the ICS and is efficient against Modbus/TCP-oriented attacks.

