Performance Evaluation and Modeling of an Industrial Application-Layer Firewall

被引:25
|
作者
Cheminod, Manuel [1 ]
Durante, Luca [1 ]
Seno, Lucia [1 ]
Valenzano, Adriano [1 ]
机构
[1] Natl Res Council Italy, Inst Elect Comp & Telecommun Engn, I-10129 Turin, Italy
关键词
Application-layer filtering; industrial firewall (IFW); Modbus/TCP; modeling; performance analysis; security of industrial systems; INTRUSION-DETECTION SYSTEM; SECURITY;
D O I
10.1109/TII.2018.2802903
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The availability of performance studies and simple models for firewalls able to deal with industrial application-layer communication protocols, such as Modbus/TCP, is crucial when the impact of these devices has to be estimated, even roughly, before their actual deployment in industrial networks. Unfortunately, most manufacturers do not provide this kind of information for commercial off-the-shelf available products. Thus, a viable solution is the development and experimental validation of simple models that can be used by designers to predict those fire-wall characteristics not explicitly related to their security capabilities. As an example, latency introduced on message forwarding is an aspect of significant interest in many industrial control systems, where delays and jitters in data delivery can severely impact on the effectiveness of the control actions. This paper reports on our experience in developing a performance model for a commercial device able to perform advanced application-layer filtering, in particular of Modbus/TCP traffic. A set of ad hoc designed experiments, performed by means of a purposely developed laboratory testbed, enabled both model development and validation, confirming a good correspondence of the estimated performance with the device actual behavior.
引用
收藏
页码:2159 / 2170
页数:12
相关论文
共 50 条
  • [1] Application-layer Anomaly Detection Based on Application-layer Protocols' Keywords
    Xie, Bailin
    Zhang, Qiansheng
    [J]. PROCEEDINGS OF 2012 2ND INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT 2012), 2012, : 2131 - 2135
  • [2] Design, Implementation and Evaluation of An Application-Layer Virtualized Network
    Zhang, Yiming
    Li, Dongsheng
    Wang, Yijie
    Sun, Zhigang
    Zhao, Feng
    Su, Jinshu
    [J]. 9th IEEE International Symposium on Service-Oriented System Engineering (SOSE 2015), 2015, : 235 - 240
  • [3] Detecting Application-layer Attacks Based on User's Application-layer Behaviors
    Xie, Bailin
    Jiang, Shengyi
    [J]. INFORMATION TECHNOLOGY APPLICATIONS IN INDUSTRY II, PTS 1-4, 2013, 411-414 : 607 - 612
  • [4] Research on an Application-layer Network Performance Measure Method
    Cui, Li-jie
    Li, Jin-gang
    Liu, Wei
    [J]. 2012 INTERNATIONAL WORKSHOP ON INFORMATION AND ELECTRONICS ENGINEERING, 2012, 29 : 4063 - 4067
  • [5] Application-layer multicast
    Katrinis, K
    May, M
    [J]. PEER-TO-PEER SYSTEMS AND APPLICATIONS, 2005, 3485 : 157 - 170
  • [6] On effectiveness of application-layer coding
    Choi, Yoojin
    Momcilovic, Petar
    [J]. IEEE INFOCOM 2009 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS, VOLS 1-5, 2009, : 433 - 441
  • [7] Modeling Effects of Impulse Noise on Application-Layer FEC in DSL Channels
    Pullano, V.
    Skupin, R.
    Corazza, G. E.
    Hellge, C.
    Schierl, T.
    [J]. 2013 IEEE INTERNATIONAL SYMPOSIUM ON BROADBAND MULTIMEDIA SYSTEMS AND BROADCASTING (BMSB), 2013,
  • [8] Application-Layer Connector Synthesis
    Inverardi, Paola
    Spalazzese, Romina
    Tivoli, Massimo
    [J]. FORMAL METHODS FOR ETERNAL NETWORKED SOFTWARE SYSTEMS, SFM 2011, 2011, 6659 : 148 - 190
  • [9] Modeling and performance evaluation of transport protocols for firewall control
    Kiesel, Sebastian
    Scharf, Michael
    [J]. COMPUTER NETWORKS, 2007, 51 (11) : 3232 - 3251
  • [10] Evaluation of Industrial Firewall Performance Issues in Automation and Control Networks
    Zvabva, Davison
    Zavarsky, Pavol
    Butakov, Sergey
    Luswata, John
    [J]. 2018 29TH BIENNIAL SYMPOSIUM ON COMMUNICATIONS (BSC), 2018,