Detection of Incidents and Anomalies in Software-Defined Network – Based Implementations of Critical Infrastructure Resulting in Adaptive System Changes
1 Department of Complex Systems, The Faculty of Electrical and Computer Engineering, Rzeszow University of Technology, ul. MC Skłodowskiej 8, 35-036 Rzeszów
Corresponding author
Paweł Kuraś
Adv. Sci. Technol. Res. J. 2024; 18(7):176-191
ABSTRACT
This paper presents an example of an integrated Software-Defined Network (SDN) system with heterogeneous technological instances based on the Linux platform. For this purpose, two research test stands with a POX controller and OVS (Open vSwitch) switches were used. In the first test stand, the research was based on ICMP traffic, while in the second, MQTT traffic was analysed. The capabilities of these systems were examined in terms of responding to detected incidents and traffic anomalies. In particular, their responses to anomalies were tested, as well as the possibility of continuously monitoring packet transfer between separate network components. The aim of the paper is to investigate the effectiveness of SDN in enhancing the security and adaptability of critical infrastructure systems. For isolation and optimised resource management, some components, such as POX and the MQTT broker, were run in Docker containers. The test environment used both hardware and prepared software, enabling comprehensive design and testing of networks based on the OpenFlow protocol used in SDN architecture, which separates the control plane from the data plane in computer networks. The results of this research make it possible to implement anomaly detection solutions in critical infrastructure systems that adapt on the fly to changing conditions that arise, for example, in the case of an attack on such infrastructure or physical damage to it at a selected node.
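The abstract describes the loop the paper evaluates: the controller observes packet transfer between components, detects an anomaly in ICMP (or MQTT) traffic, and adapts the network by changing flow rules. The following is an added illustration, not code from the paper or from POX: a per-source sliding-window rate detector for ICMP that, once a source exceeds a threshold, emits an OpenFlow-1.0-style drop match of the kind a POX controller would push to an OVS switch. The paper does not state its detection algorithm, so the window length, packet threshold, rule format and the constructed packet trace are all assumptions made here.

```python
# Added example (not from the paper): threshold-based ICMP rate anomaly detection
# that turns a detected anomaly into an OpenFlow-style drop rule, in the spirit of
# the POX/OVS set-up the abstract describes. The window, threshold and rule format
# are assumptions; the paper does not give its detection algorithm.
from collections import defaultdict, deque
from dataclasses import dataclass, field

ICMP_PROTO = 1          # IP protocol number for ICMP
IPV4_ETHERTYPE = 0x0800  # EtherType for IPv4 (OpenFlow dl_type)


@dataclass
class Packet:
    ts: float   # timestamp in seconds
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    proto: int  # IP protocol number (1 = ICMP, 6 = TCP, ...)


def drop_rule(src_ip, priority=100):
    """Build an OpenFlow 1.0 style match (as POX's ofp_match carries it) with no
    actions, which a switch interprets as 'drop'."""
    return {
        "priority": priority,
        "match": {"dl_type": IPV4_ETHERTYPE, "nw_proto": ICMP_PROTO, "nw_src": src_ip},
        "actions": [],
    }


@dataclass
class IcmpRateDetector:
    window_s: float = 1.0   # sliding window length (assumed)
    max_pkts: int = 20      # ICMP packets per window before a source is anomalous (assumed)
    _seen: dict = field(default_factory=lambda: defaultdict(deque))
    _blocked: set = field(default_factory=set)

    def observe(self, pkt):
        """Feed one packet; return a drop rule the first time a source crosses the
        threshold, otherwise None. Non-ICMP and already-blocked sources are ignored."""
        if pkt.proto != ICMP_PROTO or pkt.src in self._blocked:
            return None
        q = self._seen[pkt.src]
        q.append(pkt.ts)
        # Evict timestamps that fell out of the window.
        while q and pkt.ts - q[0] > self.window_s:
            q.popleft()
        if len(q) > self.max_pkts:
            self._blocked.add(pkt.src)
            return drop_rule(pkt.src)
        return None


def run(packets, detector=None):
    """Replay a packet list through the detector and collect the rules it emits."""
    detector = detector or IcmpRateDetector()
    rules = []
    for p in packets:
        rule = detector.observe(p)
        if rule is not None:
            rules.append(rule)
    return rules


def constructed_trace():
    """Constructed sample trace: a benign host sending 5 pings over 5 s, a flooding
    host sending 50 ICMP packets within 0.5 s, and one MQTT (TCP) packet that the
    ICMP detector must ignore."""
    pkts = [Packet(float(i), "10.0.0.2", "10.0.0.1", ICMP_PROTO) for i in range(5)]
    pkts += [Packet(2.0 + i * 0.01, "10.0.0.9", "10.0.0.1", ICMP_PROTO) for i in range(50)]
    pkts += [Packet(2.5, "10.0.0.3", "10.0.0.1", 6)]
    return sorted(pkts, key=lambda p: p.ts)


if __name__ == "__main__":
    for rule in run(constructed_trace()):
        print("install:", rule)
```

In a real POX component the emitted dictionary would be translated into an `ofp_flow_mod` and sent on the switch connection; keeping detection and rule construction as plain functions, as here, makes the threshold logic testable offline with constructed traces before it is wired to live OpenFlow traffic.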