TY - GEN
T1 - Modeling cost of countermeasures in software defined networking-enabled energy delivery systems
AU - Hasan, Kamrul
AU - Shetty, Sachin
AU - Hassanzadeh, Amin
AU - Salem, Malek Ben
AU - Chen, Jay
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/10
Y1 - 2018/8/10
N2 - Software defined networking (SDN) is a networking paradigm to provide automated network management at run time through network orchestration and virtualization. SDN is primarily used for quality of service (QoS) and automated response to network failures. In the context of Energy Delivery System (EDS), SDN can also enhance system resilience through recovery from failures and maintaining critical operations during cyber attacks. Researchers have proposed SDN based architectures for autonomous attack containment, which dynamically modifies access control rules based on configurable trust levels. One of the challenges with such architectures is the lack of a cost model to select the countermeasure which balances the trade-off between security risk and network QoS. Prior to choosing a particular countermeasure which either quarantines the attack or mitigates the impact, it is also critical to assess the impact on the ability of the operator to conduct normal operations. In this paper, we present an approach to aid in selection of security countermeasures dynamically in an SDN enabled EDS and achieving tradeoff between providing security and QoS. We present the modeling of security cost based on end-to-end packet delay and throughput. We propose a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at O(MN2). The M is the number of objective functions and N is the number of population for each generation respectively. We present simulation results which illustrate how data availability and data integrity can be achieved while maintaining QoS constraints.
AB - Software defined networking (SDN) is a networking paradigm to provide automated network management at run time through network orchestration and virtualization. SDN is primarily used for quality of service (QoS) and automated response to network failures. In the context of Energy Delivery System (EDS), SDN can also enhance system resilience through recovery from failures and maintaining critical operations during cyber attacks. Researchers have proposed SDN based architectures for autonomous attack containment, which dynamically modifies access control rules based on configurable trust levels. One of the challenges with such architectures is the lack of a cost model to select the countermeasure which balances the trade-off between security risk and network QoS. Prior to choosing a particular countermeasure which either quarantines the attack or mitigates the impact, it is also critical to assess the impact on the ability of the operator to conduct normal operations. In this paper, we present an approach to aid in selection of security countermeasures dynamically in an SDN enabled EDS and achieving tradeoff between providing security and QoS. We present the modeling of security cost based on end-to-end packet delay and throughput. We propose a non-dominated sorting based multi-objective optimization framework which can be implemented within an SDN controller to address the joint problem of optimizing between security and QoS parameters by alleviating time complexity at O(MN2). The M is the number of objective functions and N is the number of population for each generation respectively. We present simulation results which illustrate how data availability and data integrity can be achieved while maintaining QoS constraints.
UR - http://www.scopus.com/inward/record.url?scp=85052608157&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052608157&partnerID=8YFLogxK
U2 - 10.1109/CNS.2018.8433172
DO - 10.1109/CNS.2018.8433172
M3 - Conference contribution
AN - SCOPUS:85052608157
SN - 9781538645864
T3 - 2018 IEEE Conference on Communications and Network Security, CNS 2018
BT - 2018 IEEE Conference on Communications and Network Security, CNS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE Conference on Communications and Network Security, CNS 2018
Y2 - 30 May 2018 through 1 June 2018
ER -