Privacy optimization and intrusion detection in Modbus/TCP network-based SCADA in water distribution systems
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2021 |
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/104013/1/FSKTM%202022%2014%20UPMIR.pdf |
Summary: | Water Distribution Systems (WDS) are now controlled and monitored by computational systems, constituting the primary management challenge from both an operational and public health standpoint. Modbus/TCP networks in WDS were initially designed for high availability and for operation in closed networks, where security was not an issue and communications were performed in clear text. The need for interoperability and cost reduction triggered the evolution to open-standard TCP/IP networks, where clear-text communications are no longer safe, leaving these systems highly vulnerable.
One of the key elements is the privacy of data sets, which can be made publicly available and have the potential to be used for the development of security solutions. Therefore, the first problem to be tackled is the privacy optimization of Modbus/TCP packet fields. In the scientific literature, packet anonymization is performed according to attribute types (numerical, categorical and hierarchical), without taking into consideration the particular characteristics of the Modbus packet fields, and using Euclidean distance algorithms that cannot deal with binary data and may result in information loss. Another problematic aspect relates to intrusion detection solutions that rely on machine learning clustering algorithms to learn the systems' specifications and extract general state-based rules for attack identification. Such an approach is highly dependent on the parameterization of the clustering algorithm and cannot deal with normal changes in the system's specification. Different parameterizations achieve different results, leading to high numbers of false positive alarms or misidentification of real intrusions. Based on these problems, the objectives of this research are, firstly, to propose privacy optimization of SCADA Modbus/TCP packet fields using anonymization algorithms, increasing the privacy level and reducing information loss, and, secondly, to propose a state-based IDS for attack identification, dedicated to SCADA Modbus/TCP in WDS, capable of extracting specific rules and dealing with constant system specification changes, while reducing false positive rates and increasing accuracy.
Experimental design and simulations are carried out through a quantitative approach, where the proposed solutions perform the anonymization of Modbus/TCP packet fields to achieve acceptable privacy levels for data set publication and provide a state-based IDS tailored to Modbus/TCP networks in WDS, taking advantage of a knowledge database and a state-based rule language to keep control of system states and constant specification changes.
Experimental results show that our proposed privacy algorithm works effectively in terms of privacy level (12.01 against 10.48), efficiency (2.74 ms against 3.84 ms) and scalability (470.15 ms against 507.48 ms) when dealing with multivariate traffic attributes. In relation to information loss, the proposed solution achieved an average of 12.2% against 18.6% for the benchmark solution. Moreover, the state-based IDS experimental results show higher effectiveness in terms of true positive rates (99.50% against 95.75%), false positive rates (1.20% against 1.85%) and accuracy (98.70% against 93.68%) in the identification of attacks and intrusions. Overall, this research proposes a set of solutions to address privacy and security issues related to Modbus/TCP networks in WDS. The research work presented in this thesis is a significant step towards safer SCADA WDS and public health. |
---|