Visible to the public Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid

TitleSecurity Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid
Publication TypeConference Paper
Year of Publication2019
AuthorsLin, Gengshen, Dong, Mianxiong, Ota, Kaoru, Li, Jianhua, Yang, Wu, Wu, Jun
Conference NameICC 2019 - 2019 IEEE International Conference on Communications (ICC)
ISBN Number978-1-5386-8088-9
KeywordsBandwidth, centralized SDN controller, Communication networks, computer network security, dynamic defense methods, integer nonlinear programming problem, integer programming, Metrics, Monitoring, moving target defense, nonlinear programming, power engineering computing, power system security, pubcrawl, resilience, Resiliency, Scalability, SDN security, SDN-enabled smart grid, security, security function virtualization, Servers, Smart grids, smart power grids, software defined networking, software-defined networking, virtual security function, virtualisation, virtualization

Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

Citation Keylin_security_2019