Future Internet  /  Vol: 13 Par: 10 (2021)

An SDN-Enabled Architecture for IT/OT Converged Networks: A Proposal and Qualitative Analysis under DDoS Attacks

Luca Foschini    
Valentina Mignardi    
Rebecca Montanari and Domenico Scotece    

Abstract

Real-time business practices require huge amounts of data directly from the production assets. This new thirst for accurate and timely data has forced the convergence of the traditionally business-focused information technology (IT) environment with the production-focused operational technology (OT). Recently, software-defined network (SDN) methodologies have benefitted OT networks with enhanced situational awareness, centralized configuration, deny-by-default forwarding rules, and increased performance. What makes SDNs so innovative is the separation between the control plane and the data plane, centralizing the command in the controllers. However, because SDNs are still young, their use in the industrial context has not yet produced mature, comprehensive SDN-based architectures for IT/OT networks that are also resistant to security attacks, such as the denial-of-service (DoS) attacks that may occur in SDN-based industrial IoT (IIoT) networks. One main motivation is that the lack of comprehensive SDN-based architectures for IT/OT networks makes it difficult to effectively simulate, analyze, and identify proper detection and mitigation strategies for DoS attacks in IT/OT networks. No consolidated security solutions are available that provide DoS detection and mitigation strategies in IT/OT networks. Along this direction, this paper's contributions are twofold. On the one hand, this paper proposes a convergent IT/OT SDN-based architecture applied in a real implementation of an IT/OT support infrastructure called SIRDAM4.0 within the context of the SBDIOI40 project. On the other hand, this paper proposes a qualitative analysis of how this architecture works under DoS attacks, focusing on what the specific problems and vulnerabilities are.
In particular, we simulated several distributed denial-of-service (DDoS) attack scenarios within the context of the proposed architecture to show the minimum effort needed by the attacker to hack the network, and our experimental results show how the network can be compromised, considerably worsening its performance and, in general, its functioning. Finally, we conclude our analysis with a brief description of the importance of employing machine learning approaches for attack detection and for mitigation techniques.
