Communication networks are ubiquitous in modern process control systems used in oil and gas refineries. The communication networks can be designed to provide duplex communication between equipment and a distributed control system (DCS). The distributed control system acts as a central command centre for controlling equipment and various subsystems in a refinery or a manufacturing plant. The DCS includes a human machine interface (HMI) for a control room operator to initiate and control operations of a process control system by sending and receiving control commands. The control commands are sent to the controllers connected by communication networks such as Ethernet or wireless networks. In the same way, the controllers respond with information about the equipment that is controlled. This information is used to monitor the process controlled by the process control system.
In communication networks, routing includes selecting a shortest or a cost-efficient path in a communication network for data transmission. Routing involves using general network devices such as routers, switches, bridges, firewalls and gateways. Primarily, routers are devices used to forward packets between two different communication networks. However, within a communication network, devices such as switches, firewalls, gateways and personal computers transmit and receive packets.
In packet-switched networks, established networking protocols such as Internet Protocol (IP) are used. These protocols are dynamic and are designed to allow continued functioning of the network even when some network hardware fails, thereby making the networks resilient. In other words, the protocols respond to changes such as network capacity, utilization, cost and availability to adjust the path a packet travels in a network. A routing path is the path that a packet has taken from a source to reach a destination, and it is used for analysing communication patterns. Network security applications use the routing path of packets for analysing patterns in packet behaviour.
In process plants, different parts of the network are separated by network security devices such as firewalls, and an access control list permits or denies access to portions of the network based on permissions available to specific personnel or vendors. In the absence of access rights to all parts of a network, the source of the packet cannot be verified. Also, if a computer in the network is infected with a virus or malware, packets may be spoofed to include a false source IP address. In these cases, routing information, mainly the source of the packet, is not available. The only source IP address available is the source IP address present in the packet itself. By extension, the routing path of the packet is not evident from that source IP address, as the source IP address is replaced when the packet hops from one network device, such as a router, to another. Therefore, it becomes necessary to identify the entire routing path to trace the source of the packet in order to prevent or identify security breaches in a network.
Existing methods of routing path estimation, such as the one shown in FIG. 3, perform the estimation of the routing path on computers connected to a databus. However, such methods may not be effective because the packets are not processed prior to the analysis that estimates the routing path.
Furthermore, a packet passes through multiple routers and duplicate information about the same packet may be received at multiple routers as the packet passes through them. It is imperative to resolve the duplication of the same packet across different routers to identify the path of the packet.
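One way to resolve the duplication described above, shown as an added example that is not part of the original text: reports of the same packet from several routers are grouped by a fingerprint and ordered into a path. The record layout, router names, addresses, the choice of fingerprint fields (destination, IP identification, payload) and the ordering by decreasing TTL are all assumptions made for this illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample records (not from the page):
# (router, time_s, src_ip, dst_ip, ip_id, ttl, payload)
OBSERVATIONS = [
    ("R3", 10.004, "10.0.3.1",   "192.168.5.20", 4711, 61, b"READ FIC101"),
    ("R1", 10.000, "172.16.1.9", "192.168.5.20", 4711, 63, b"READ FIC101"),
    ("R2", 10.002, "10.0.2.1",   "192.168.5.20", 4711, 62, b"READ FIC101"),
    ("R2", 10.003, "10.0.2.1",   "192.168.5.20", 4711, 62, b"READ FIC101"),  # repeated report
    ("R2", 10.010, "10.0.2.1",   "192.168.5.20", 4712, 62, b"WRITE FIC101"),
]

def fingerprint(obs):
    """Hash only fields assumed constant along the path.

    The source address and TTL are left out because they can differ at
    each hop, so they cannot identify "the same packet" across routers.
    """
    _router, _ts, _src, dst, ip_id, _ttl, payload = obs
    data = dst.encode() + b"|" + str(ip_id).encode() + b"|" + payload
    return hashlib.sha256(data).hexdigest()[:16]

def reconstruct_paths(observations):
    """Return {fingerprint: [(router, src_ip_seen_there), ...]} in hop order."""
    groups = defaultdict(dict)
    for obs in observations:
        router, ts, src, _dst, _ip_id, ttl, _payload = obs
        seen = groups[fingerprint(obs)]
        # Collapse repeated reports from one router, keeping the earliest.
        if router not in seen or ts < seen[router][0]:
            seen[router] = (ts, ttl, src)
    paths = {}
    for fp, seen in groups.items():
        # TTL drops by one per router, so higher TTL means earlier hop;
        # the timestamp only breaks ties (router clocks may not be in sync).
        hops = sorted(seen.items(), key=lambda kv: (-kv[1][1], kv[1][0]))
        paths[fp] = [(router, src) for router, (_ts, _ttl, src) in hops]
    return paths

if __name__ == "__main__":
    for fp, hops in reconstruct_paths(OBSERVATIONS).items():
        route = " -> ".join(router for router, _ in hops)
        print(fp, route, "| source seen at first hop:", hops[0][1])
```

The source address recorded at the first hop of each reconstructed path is the closest available view of the packet's origin; a fingerprint seen at only one router indicates that the other hops were not observed.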