ERINDA: A novel framework for Enhancing the Resilience of Industrial Networks against DDoS Attacks with adaptive recovery

The increasing threat of distributed denial-of-service (DDoS) attacks targeting the availability of critical infrastructure systems controlled by industrial control systems (ICS). DDoS attacks endanger the high-reliability requirements ICSs by overloading network and system resources, causing malfunction or ceasing operations. Recognizing the severe consequences of service disruptions in these environments, we present a novel framework for Enhancing the Resilience of Industrial Networks against DDoS Attacks (ERINDA), designed to minimize downtime and maintain functionality. It consists of a two-phase approach that combines proactive and reactive strategies to efficiently mitigate DDoS attacks while minimizing service disruptions. First, network traffic is continuously monitored to detect any anomalies indicating potential attacks. Second, response mechanisms are activated upon an actual attack identification to quickly neutralize the threat and restore the integrity of the network. Experimental results, obtained using ns-3 network simulations mimicking a smallscale industrial network topology, demonstrate that, by integrating real-time monitoring, situation reporting, and rapid adaptive response mechanisms, ERINDA improves key performance metrics. Under a DDoS attack, ERINDA recovered approximately 88 % of normal throughput at 25 % channel utilization, compared to a 77 % reduction without ERINDA. Furthermore, ERINDA consistently restored packet delivery ratio and round-trip delay values close to normal operational conditions across various traffic loads.