Critical Information Infrastructures Monitoring Based on Software-Defined Networks

The paper deals with the problem of control of critical information infrastructures (CII) in order to ensure information security and functional reliability. It is proved that safety in such systems primarily affects the availability - that is, ensuring and maintaining the functionality and performa...


Bibliographic Details
Main Authors: Sergey Erokhin, Andrey Petukhov, Pavel Pilyugin
Format: Article
Language: English
Published: FRUCT 2019-04-01
Series: Proceedings of the XXth Conference of Open Innovations Association FRUCT
Subjects: monitoring; critical information infrastructure; software-defined network; security
Online Access: https://fruct.org/publications/abstract24/files/Ero.pdf
author Sergey Erokhin
Andrey Petukhov
Pavel Pilyugin
collection DOAJ
description The paper deals with the problem of control of critical information infrastructures (CII) in order to ensure information security and functional reliability. It is proved that safety in such systems primarily affects the availability - that is, ensuring and maintaining the functionality and performance of all components of the CII. In second place is usually integrity, and the lowest priority is given to confidentiality. It is proposed to universalize monitoring information and telecommunication base of the CII. Software-defined networks (SDN) are considered as such base. Such monitoring will allow monitoring the state of the functionality of the information technology base of the CII objects and also to detect various violations of the functionality and anomalies in the operation of the information system and control systems. The monitoring protocols of traditional networks (NetFlow, sFlow) and SDN (OpenFlow) are compared. The analysis shows that the SDN switch can export NetFlow or sFlow data for later analysis. The scheme of the two-level sensor by means of the switch of the SDN and separate specialized devices is offered. It is assumed that these sensors can analyze parameters already for L2-L7 levels, such as DPI or DLP systems. Not only can the methodology and capabilities of IDS and IPS be used in the SDN, but based on the analysis of the data obtained, the network can be centrally reprogrammed to repel malicious attacks and restore functionality. This can make CII significantly more resistant to various failures, failures and malicious attacks.
first_indexed 2024-12-21T09:50:22Z
format Article
id doaj.art-92af412755284ee684c00b97a31c185a
institution Directory Open Access Journal
issn 2305-7254
2343-0737
language English
last_indexed 2024-12-21T09:50:22Z
publishDate 2019-04-01
publisher FRUCT
record_format Article
series Proceedings of the XXth Conference of Open Innovations Association FRUCT
spelling doaj.art-92af412755284ee684c00b97a31c185a
2022-12-21T19:08:12Z
eng
FRUCT
Proceedings of the XXth Conference of Open Innovations Association FRUCT
2305-7254
2343-0737
2019-04-01
85424594598
Critical Information Infrastructures Monitoring Based on Software-Defined Networks
Sergey Erokhin (Moscow Technical University of Communications and Informatics, Moscow, Russia)
Andrey Petukhov (Moscow Technical University of Communications and Informatics, Moscow, Russia)
Pavel Pilyugin (Moscow Technical University of Communications and Informatics, Moscow, Russia)
title Critical Information Infrastructures Monitoring Based on Software-Defined Networks
topic monitoring
critical information infrastructure
software-defined network
security
url https://fruct.org/publications/abstract24/files/Ero.pdf