{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,29]],"date-time":"2025-10-29T18:37:51Z","timestamp":1761763071554,"version":"3.37.3"},"reference-count":23,"publisher":"Oxford University Press (OUP)","issue":"4","license":[{"start":{"date-parts":[[2019,12,31]],"date-time":"2019-12-31T00:00:00Z","timestamp":1577750400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"funder":[{"DOI":"10.13039\/501100013410","name":"INCIBE","doi-asserted-by":"publisher","award":["INCIBEC-2015-02495"],"award-info":[{"award-number":["INCIBEC-2015-02495"]}],"id":[{"id":"10.13039\/501100013410","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Ayudas para la Excelencia de los Equipos de Investigacion avanzada en ciberseguridad"},{"name":"Department of Economic Development and Infrastructures","award":["KK-2017\/00044"],"award-info":[{"award-number":["KK-2017\/00044"]}]},{"name":"Gipuzkoa Provincial Council","award":["93\/17"],"award-info":[{"award-number":["93\/17"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,24]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Specifically tailored industrial control systems (ICSs) attacks are becoming increasingly sophisticated, accentuating the need of ICS cyber security. The nature of these systems makes traditional IT security measures not suitable, requiring expressly developed security countermeasures. Within the past decades, research has been focused in network-based intrusion detection systems. With the appearance of software-defined networks (SDNs), new opportunities and challenges have shown up in the research community. This paper describes the potential benefits of using SDNs in industrial networks with security purposes and presents the set up and results of a pilot experiment carried out in a scaled physical implementation. The experimental set up consists in the detection of ICMP flood and packet payload alteration based on signature comparison. Results point to the potential viability of the technology for intrusion detection and the need of researching in architectural scalability.<\/jats:p>","DOI":"10.1093\/jigpal\/jzz060","type":"journal-article","created":{"date-parts":[[2019,12,16]],"date-time":"2019-12-16T20:07:02Z","timestamp":1576526822000},"page":"461-472","source":"Crossref","is-referenced-by-count":12,"title":["Deep packet inspection for intelligent intrusion detection in software-defined industrial networks: A proof of concept"],"prefix":"10.1093","volume":"28","author":[{"given":"Markel","family":"Sainz","sequence":"first","affiliation":[{"name":"Electronics and Computing Department, Mondragon University, Goiru 2, 20500 Arrasate-Mondrag\u00f3n, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"I\u00f1aki","family":"Garitano","sequence":"additional","affiliation":[{"name":"Electronics and Computing Department, Mondragon University, Goiru 2, 20500 Arrasate-Mondrag\u00f3n, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mikel","family":"Iturbe","sequence":"additional","affiliation":[{"name":"Electronics and Computing Department, Mondragon University, Goiru 2, 20500 Arrasate-Mondrag\u00f3n, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Urko","family":"Zurutuza","sequence":"additional","affiliation":[{"name":"Electronics and Computing Department, Mondragon University, Goiru 2, 20500 Arrasate-Mondrag\u00f3n, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"286","published-online":{"date-parts":[[2019,12,31]]},"reference":[{"key":"2020080108271146000_ref1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2542049","article-title":"A survey of intrusion detection techniques for cyber-physical systems","volume":"46","author":"Mitchell","year":"2014","journal-title":"ACM Computing Surveys"},{"key":"2020080108271146000_ref2","first-page":"670","article-title":"Industrial control systems security: what is happening?","author":"Krotofil","year":"2013","journal-title":"11th IEEE International Conference on Industrial Informatics (INDIN)"},{"key":"2020080108271146000_ref3","doi-asserted-by":"crossref","first-page":"4490","DOI":"10.1109\/IECON.2011.6120048","article-title":"Stuxnet worm impact on industrial cyber-physical system security","volume-title":"IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society","author":"Karnouskos","year":"2011"},{"key":"2020080108271146000_ref4","first-page":"618","article-title":"Improving cybersecurity for industrial control systems","volume":"2016","author":"Graham","year":"2016","journal-title":"IEEE International Symposium on Industrial Electronics"},{"key":"2020080108271146000_ref5","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1109\/MCOM.2015.7120048","article-title":"Software-defined networking security: pros and cons","volume":"53","author":"Dabbagh","year":"2015","journal-title":"IEEE Communications Magazine"},{"key":"2020080108271146000_ref6","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-319-67180-2_56","article-title":"Software defined networking opportunities for intelligent security enhancement of industrial control systems","volume-title":"Proceeding International Joint Conference SOCO'17-CISIS'17-ICEUTE'17 Le\u00f3n, Spain, September 6\u20138, 2017, SOCO 2017, ICEUTE 2017, CISIS 2017","author":"Sainz","year":"2018"},{"key":"2020080108271146000_ref7","first-page":"447","article-title":"Event-based anomaly detection for non-public industrial communication protocols in SDN-based control systems","volume-title":"CMC: Computers, Materials & Continua BIOCELL","author":"Wan","year":"2018"},{"key":"2020080108271146000_ref8","doi-asserted-by":"crossref","first-page":"172","DOI":"10.1016\/j.comnet.2016.05.019","article-title":"Suspicious traffic sampling for intrusion detection in software-defined networks","volume":"109","author":"Ha","year":"2016","journal-title":"Computer Networks"},{"key":"2020080108271146000_ref9","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1109\/MS.2017.4541054","article-title":"Leveraging software-defined networking for incident response in industrial control systems","volume":"35","author":"Murillo Piedrahita","year":"2018","journal-title":"IEEE Software"},{"key":"2020080108271146000_ref10","doi-asserted-by":"crossref","first-page":"497","DOI":"10.1007\/978-81-322-2550-8_48","article-title":"Centralized Control Signature-Based Firewall and Statistical-Based Network Intrusion Detection System (NIDS) in Software Defined Networks (SDN)","volume-title":"Emerging Research in Computing, Information, Communication and Applications","author":"Mantur","year":"2015"},{"key":"2020080108271146000_ref11","first-page":"1","article-title":"Opendaylight: towards a model-driven SDN controller architecture","author":"Medved","journal-title":"2014 IEEE 15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM)"},{"key":"2020080108271146000_ref12","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1007\/s12083-017-0630-0","article-title":"Survey on SDN based network intrusion detection system using machine learning approaches","volume":"12","author":"Sultana","year":"2018","journal-title":"Peer-to-Peer Networking and Applications"},{"key":"2020080108271146000_ref13","doi-asserted-by":"publisher","DOI":"10.4108\/eai.28-12-2017.153515","article-title":"A deep learning based DDoS detection system in software-defined networking (SDN), SESA, EAI","author":"Niyaz","year":"2017"},{"key":"2020080108271146000_ref14","doi-asserted-by":"crossref","DOI":"10.1109\/LCN.2010.5735752","article-title":"Lightweight DDoS flooding attack detection using NOX\/OpenFlow","volume-title":"Conference on Local Computer Networks (LCN)","author":"Braga","year":"2010"},{"key":"2020080108271146000_ref15","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1109\/EST.2017.8090413","article-title":"Machine learning based intrusion detection system for software defined networks","author":"Abubakar","year":"2017","journal-title":"2017 Seventh International Conference on Emerging Security Technologies (EST)"},{"journal-title":"Network Emulation Testbed Home","author":"Emulab","key":"2020080108271146000_ref16"},{"key":"2020080108271146000_ref17","article-title":"An Analysis of the Manufacturing Messaging Specification Protocol","volume-title":"Ubiquitous Intelligence and Computing. UIC 2008","author":"S\u00f8rensen","year":"2011"},{"author":"Biondi","key":"2020080108271146000_ref18","article-title":"Scapy: explore the net with new eyes"},{"article-title":"Wireshark-network protocol analyzer","year":"2008","author":"Combs","key":"2020080108271146000_ref19"},{"key":"2020080108271146000_ref20","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1007\/978-3-319-32125-7_5","article-title":"Threats in industrial control systems","volume-title":"Cyber-security of SCADA and Other Industrial Control Systems","author":"Luiijf","year":"2016"},{"key":"2020080108271146000_ref21","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1016\/j.cose.2004.06.011","article-title":"A taxonomy of network and computer attacks","volume":"24","author":"Hansman","year":"2005","journal-title":"Computers and Security"},{"key":"2020080108271146000_ref22","first-page":"17","article-title":"vNIDS: towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems","volume-title":"Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS\u201918)","author":"Li","year":"2018"},{"key":"2020080108271146000_ref23","doi-asserted-by":"crossref","first-page":"2542","DOI":"10.1109\/ACCESS.2015.2499271","article-title":"Software-defined network function virtualization: a survey","volume":"3","author":"Li","year":"2015","journal-title":"IEEE Access"}],"container-title":["Logic Journal of the IGPL"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/jigpal\/article-pdf\/28\/4\/461\/33554856\/jzz060.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"http:\/\/academic.oup.com\/jigpal\/article-pdf\/28\/4\/461\/33554856\/jzz060.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,8,1]],"date-time":"2020-08-01T12:28:02Z","timestamp":1596284882000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/jigpal\/article\/28\/4\/461\/5691244"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,31]]},"references-count":23,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2019,12,31]]},"published-print":{"date-parts":[[2020,7,24]]}},"URL":"https:\/\/doi.org\/10.1093\/jigpal\/jzz060","relation":{},"ISSN":["1367-0751","1368-9894"],"issn-type":[{"type":"print","value":"1367-0751"},{"type":"electronic","value":"1368-9894"}],"subject":[],"published-other":{"date-parts":[[2020,8]]},"published":{"date-parts":[[2019,12,31]]}}}