Flat network topology for digital transformation (DX) in industrial control systems (ICS) brings many merits, but also draws threats of cyberattack. Considering cybersecurity, countermeasures against DoS (Denial of Service) attack is mandatory for ICS, especially to maintain its availability. To solve this issue, we propose a flood type DoS mitigation method “SFAT”(Synchronized Filtering based on Arrival Time), which focuses on the periodicity of control communications at the edge of ICS. This SFAT passes network frames only at the timing synchronized to periodic and legitimate communication frames, and then mitigates the amount of DoS frames. This timing is detected by a synchronous detection process that is implemented on hardware. We prototyped this SFAT on a firewall on an FPGA, and then confirmed that it can mitigate the amount of DoS frames to 1/10.
