Network Scanning and Mapping for IIoT Edge Node Device Security

TL;DR

This paper presents a novel method for IIoT edge nodes to perform network scanning and mapping, enhancing security by detecting unauthorized devices directly from the edge in industrial environments.

Contribution

It introduces a decentralized network scanning approach performed by IIoT edge nodes, enabling real-time detection of network changes and unauthorized devices.

Findings

Feasibility demonstrated in an industrial testbed.

Edge-based scanning effectively detects network changes.

Approach reduces reliance on centralized scanning systems.

Abstract

The amount of connected devices in the industrial environment is growing continuously, due to the ongoing demands of new features like predictive maintenance. New business models require more data, collected by IIoT edge node sensors based on inexpensive and low performance Microcontroller Units (MCUs). A negative side effect of this rise of interconnections is the increased attack surface, enabled by a larger network with more network services. Attaching badly documented and cheap devices to industrial networks often without permission of the administrator even further increases the security risk. A decent method to monitor the network and detect "unwanted" devices is network scanning. Typically, this scanning procedure is executed by a computer or server in each sub-network. In this paper, we introduce network scanning and mapping as a building block to scan directly from the Industrial Internet of Things (IIoT) edge node devices. This module scans the network in a pseudo-random periodic manner to discover devices and detect changes in the network structure. Furthermore, we validate our approach in an industrial testbed to show the feasibility of this approach.