| Approach | Security parameter | Network/dataset | Experimental setup | Tools/simulators | Parameters/approach for intrusion detection | Limitations |
| --- | --- | --- | --- | --- | --- | --- |
| DSSnet: microgrid simulator [1] | DoS and resilience | IEEE-13 bus power distribution system with two subsystems, i.e., wind turbine and energy storage system | Developed a simulator for evaluation of microgrid operation. Applications: (i) Self-healing network management (ii) Communication network verification (iii) Specification-based intrusion detection | OpenDSS, Mininet, virtual time system (Linux-based kernel) | (i) Network slicing (ii) Traffic isolation | Only a little literature on specification-based intrusion detection is provided; experimental validation of intrusion detection is not provided. |
| PYGRID: SG simulator [12] | DoS protection and resilience | Simulated IEEE-14 bus power system | Scenarios: normal operation, bus failure, and bus attack. Result: successfully mitigated DDoS attack | Mininet, PYPOWER | (i) Number of packets/second = 40% threshold (ii) Flows count | (i) Maximum power capacity allowed on each bus/branch is not mentioned; rationale for using a fixed threshold limit for the number of packets/sec is missing. (ii) All traffic flows are monitored for rapid detection. A computation overhead cost is associated with the approach, since all flows go to the application layer. |
| Multicontroller-based SDN [20] | UDP/TCP/ICMP flood attacks | Simulated | Design components: entropy-based DDoS detection algorithm (i) Virtualized network environment of 3 switches and 32 hosts (ii) Set of mitigation actions (block traffic/ports) (iii) UDP flood attack simulated | POX controller, Mininet 2.0, and Scapy tool for traffic generation | Analysis metric: (i) Destination IP address entropy | (i) Experimental validation of backup controller functionality, in case of primary controller failure, was missing. (ii) The threshold value should have been changed dynamically as per the changing network environment. (iii) The authors did not address the efficacy of the approach in protecting against LR-DDoS attacks. (iv) Flash crowds may be detected by the algorithm as an attack, resulting in extra FPR. (v) The proposed approach should have been validated against performance metrics like DR, FPR, etc. |