
Dependability


Method for deep packet inspection as means of ensuring the adequacy of specifications transmitted in industrial networks.

https://doi.org/10.21683/1729-2646-2025-25-2-59-66

Abstract

Aim. To improve the adequacy of specifications transmitted within safety-critical process automation systems.

Methods. Integration of deep packet inspection technology into the operation of an open communications platform with a uniform architecture. The application of such a platform in industrial networks is defined by the requirements of the Russian standards as regards the implementation of messaging traffic. The paper employed an approach based on the statistical analysis of existing threats to the use of software technologies and single interfaces as part of process automation tools. Content-based deep packet inspection made it possible to develop an algorithm for accumulating statistical data that define the efficiency of traffic regulation and filtering. Using this technology along with the proposed method for calculating risks affecting automation systems would make it possible to take into account the technological and operational aspects of the external factors.

Results. It was shown that compliance with the proposed regulatory requirements, as well as with provisions defining the stability of transactions, will allow Internet providers to visualise existing traffic, identify its bottlenecks, and algorithmise the use of network resources, including its effect on network performance and compatibility with various protocols. Based on the results of deep packet inspection, the paper examined the feasibility of effective analysis of packet content and metadata. An algorithm was developed for deep packet inspection that demonstrates the capturing, analysis, and processing of network traffic, along with a diagram of the allocation of the means and facilities implementing the algorithm in a network of open distributed systems that includes integration points between industrial controllers, servers, and clients, as well as cloud services. The diagram helps visualise the integration of deep packet inspection technology at all levels of interaction between the elements of process automation systems. To control the risk dynamics, an algorithm was proposed that takes into account the evolution of threats to each of the elements, as well as the building of countermeasures within process automation systems. The characteristics of the facilities that represent such countermeasures to external threats are defined by the compliance of the transmitted data packets with the requirements that define the protocol specifications of an open platform server. The obtained information helps administrators inspect traffic, identify anomalies, and plan the capacity of communication channels within the examined process automation systems. The above approach to building a cyber threat detection framework is a strategic basis for ensuring the security of critical applications.

Conclusions. Given the demand for ensuring the safety of process automation systems, the introduction of requirements defining the deep packet inspection process into Russian digital manufacturing standards would be a significant step towards improving the adequacy of specifications transmitted within industrial networks in the face of growing cyber threats.

About the Authors

E. A. Chaus
Cherkizovo Group
Russian Federation

Evgeny A. Chaus, Lead Engineer, Automated Production Control Systems, expert in standardisation of process automation equipment and systems.



E. V. Yurkevich
V.A. Trapeznikov Institute of Control Sciences of the Russian Academy of Sciences
Russian Federation

Evgeny V. Yurkevich, Doctor of Engineering, Professor, Head Researcher, ICS RAS, expert in functional dependability and systems analysis.






For citations:


Chaus E.A., Yurkevich E.V. Method for deep packet inspection as means of ensuring the adequacy of specifications transmitted in industrial networks. Dependability. 2025;25(2):59-66. (In Russ.) https://doi.org/10.21683/1729-2646-2025-25-2-59-66



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 1729-2646 (Print)
ISSN 2500-3909 (Online)