How SDN and Reinforcement Learning Secure Industrial Healthcare: Check our latest work in the IEEE Transactions on Industrial Informatics!

Our latest work, published in IEEE Transactions on Industrial Informatics (IF: 10.215) and also available on ResearchGate, presents an Intrusion Detection and Prevention System (IDPS) that combines Software-Defined Networking (SDN) and Reinforcement Learning (RL) concepts in order to detect and mitigate IEC 60870-5-104 threats in a timely manner.

First, we investigate and assess the severity of the IEC 60870-5-104 cyberattacks by providing a quantitative threat model, which relies on Attack Defence Trees (ADTs) and the Common Vulnerability Scoring System (CVSS) v3.1.

Next, we introduce the IDPS, which automatically discriminates and mitigates the IEC 60870-5-104 cyberattacks. The proposed IDPS takes full advantage of Machine Learning (ML) and SDN technologies. ML is used to detect the IEC 60870-5-104 cyberattacks, utilising (a) Transmission Control Protocol (TCP)/Internet Protocol (IP) network flow statistics and (b) IEC 60870-5-104 payload flow statistics.

On the other hand, the automated mitigation is transformed into a Multi-Armed Bandit (MAB) problem, which is solved through a Reinforcement Learning (RL) method called Thompson Sampling (TS) and SDN. The evaluation analysis demonstrates the efficiency of the proposed IDPS in terms of intrusion detection accuracy and automated mitigation performance. The detection accuracy and the F1 score of the proposed IDPS reach 0.831 and 0.8258, while the mitigation accuracy is calculated at 0.923.
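How a Thompson Sampling agent converges on a mitigation action when the choice is framed as a multi-armed bandit, as an added example that is not the paper's or the project's code. The three action names, their true success rates and the binary reward are constructed assumptions; the page does not specify the arms or the reward signal.

```python
import random


class ThompsonMitigator:
    """Beta-Bernoulli Thompson Sampling over a fixed set of mitigation actions."""

    def __init__(self, actions, rng):
        self.rng = rng
        # Beta(1, 1) prior per action, stored as [successes + 1, failures + 1].
        self.posterior = {a: [1, 1] for a in actions}

    def choose(self):
        # Draw one plausible success rate per action and act on the highest draw.
        draws = {a: self.rng.betavariate(s, f) for a, (s, f) in self.posterior.items()}
        return max(draws, key=draws.get)

    def update(self, action, reward):
        # reward True: the action was the right response to the alert; False: it was not.
        self.posterior[action][0 if reward else 1] += 1

    def pulls(self, action):
        s, f = self.posterior[action]
        return s + f - 2

    def mean(self, action):
        s, f = self.posterior[action]
        return s / (s + f)


def simulate(rounds=2000, seed=7):
    rng = random.Random(seed)
    # Constructed ground truth (assumption): probability that each hypothetical
    # SDN action is the correct response to an alert raised by the detector.
    true_rate = {"drop_flow": 0.9, "rate_limit": 0.5, "allow_and_log": 0.3}
    agent = ThompsonMitigator(true_rate, rng)
    for _ in range(rounds):
        action = agent.choose()
        reward = rng.random() < true_rate[action]  # simulated operator/oracle feedback
        agent.update(action, reward)
    return agent


if __name__ == "__main__":
    agent = simulate()
    for action in agent.posterior:
        print(f"{action:14s} pulls={agent.pulls(action):5d} posterior_mean={agent.mean(action):.3f}")
```

The agent explores the weaker actions only while their posteriors are still wide, then concentrates almost all decisions on the action with the best observed outcome.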

This work is an outcome of the EU-funded H2020-SU-DS-2018 SDN-microSENSE.

This paper is dedicated to the memory of Nikolaos Panagiotarakis (Project Officer of SDN-microSENSE) who passed away during the preparation of this work.

Proud to share our research work with you :)

Muhammad Irfan

Certified Cyber Security (NAVTTC) | CEH | Data Privacy | CCNA | HCIA Security | HCIA Cloud | NSE 1 & 2 | TSF Google | Wazuh | Splunk | CISSP | MS Scholar Cyber Security & Generative AI

9 months

great work
