Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid

Gengshen Lin; Mianxiong Dong; Kaoru Ota; Jianhua Li; Wu Yang; Jun Wu

doi:10.1109/ICC.2019.8761217

Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid

Gengshen Lin, Mianxiong Dong, Kaoru Ota, Jianhua Li, Wu Yang, Jun Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

Original language	English
Title of host publication	2019 IEEE International Conference on Communications, ICC 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781538680889
DOIs	https://doi.org/10.1109/ICC.2019.8761217
Publication status	Published - 2019 May
Externally published	Yes
Event	2019 IEEE International Conference on Communications, ICC 2019 - Shanghai, China Duration: 2019 May 20 → 2019 May 24

Publication series

Name	IEEE International Conference on Communications
Volume	2019-May
ISSN (Print)	1550-3607

Conference

Conference	2019 IEEE International Conference on Communications, ICC 2019
Country/Territory	China
City	Shanghai
Period	19/5/20 → 19/5/24

ASJC Scopus subject areas

Computer Networks and Communications
Electrical and Electronic Engineering

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/ICC.2019.8761217

Cite this

Lin, G., Dong, M., Ota, K., Li, J., Yang, W., & Wu, J. (2019). Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. In 2019 IEEE International Conference on Communications, ICC 2019 - Proceedings Article 8761217 (IEEE International Conference on Communications; Vol. 2019-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICC.2019.8761217

Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. / Lin, Gengshen; Dong, Mianxiong; Ota, Kaoru et al.
2019 IEEE International Conference on Communications, ICC 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. 8761217 (IEEE International Conference on Communications; Vol. 2019-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lin, G, Dong, M, Ota, K, Li, J, Yang, W & Wu, J 2019, Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. in 2019 IEEE International Conference on Communications, ICC 2019 - Proceedings., 8761217, IEEE International Conference on Communications, vol. 2019-May, Institute of Electrical and Electronics Engineers Inc., 2019 IEEE International Conference on Communications, ICC 2019, Shanghai, China, 19/5/20. https://doi.org/10.1109/ICC.2019.8761217

@inproceedings{d9c23aeeda7041aebbe51b023e0a2033,

title = "Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid",

abstract = "Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.",

author = "Gengshen Lin and Mianxiong Dong and Kaoru Ota and Jianhua Li and Wu Yang and Jun Wu",

note = "Funding Information: ACKNOWLEDGEMENT This work was supported in part by the National Natural Science Foundation of China under Grant 61431008, 61571300, 61831007 and partially supported by the JSPS KAKENHI Grant Number JP16K00117, KDDI Foundation. Publisher Copyright: {\textcopyright} 2019 IEEE.; 2019 IEEE International Conference on Communications, ICC 2019 ; Conference date: 20-05-2019 Through 24-05-2019",

year = "2019",

month = may,

doi = "10.1109/ICC.2019.8761217",

language = "English",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2019 IEEE International Conference on Communications, ICC 2019 - Proceedings",

}

TY - GEN

T1 - Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid

AU - Lin, Gengshen

AU - Dong, Mianxiong

AU - Ota, Kaoru

AU - Li, Jianhua

AU - Yang, Wu

AU - Wu, Jun

N1 - Funding Information: ACKNOWLEDGEMENT This work was supported in part by the National Natural Science Foundation of China under Grant 61431008, 61571300, 61831007 and partially supported by the JSPS KAKENHI Grant Number JP16K00117, KDDI Foundation. Publisher Copyright: © 2019 IEEE.

PY - 2019/5

Y1 - 2019/5

N2 - Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

AB - Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

UR - http://www.scopus.com/inward/record.url?scp=85070227476&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85070227476&partnerID=8YFLogxK

U2 - 10.1109/ICC.2019.8761217

DO - 10.1109/ICC.2019.8761217

M3 - Conference contribution

AN - SCOPUS:85070227476

T3 - IEEE International Conference on Communications

BT - 2019 IEEE International Conference on Communications, ICC 2019 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2019 IEEE International Conference on Communications, ICC 2019

Y2 - 20 May 2019 through 24 May 2019

ER -

Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid

Abstract

Publication series

Conference

ASJC Scopus subject areas

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this