Privacy optimization and intrusion detection in modbus/tcp network-based scada in water distribution systems

Water Distribution Systems (WDS) are now controlled and monitored by computational systems, constituting the primary management challenge from both an operational and public health standpoint. Modbus/TCP networks in WDS were initially developed to work based on a high availability and under clos...

Bibliographic Details
Main Author: Franco, Daniel Jose Da Graca Peceguina
Format: Thesis
Language: English
Published: 2021
Subjects:
Online Access: http://psasir.upm.edu.my/id/eprint/104013/1/FSKTM%202022%2014%20UPMIR.pdf
id my-upm-ir.104013
record_format uketd_dc
spelling my-upm-ir.104013 2023-07-03T08:15:15Z 2021-09 Thesis http://psasir.upm.edu.my/id/eprint/104013/ text en public doctoral
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
advisor Muhammed, Abdullah
topic Supervisory control systems
TCP/IP (Computer network protocol)

description Water Distribution Systems (WDS) are now controlled and monitored by computational systems, constituting the primary management challenge from both an operational and public health standpoint. Modbus/TCP networks in WDS were initially developed to work based on high availability and under closed networks, where security was not an issue and communications were performed in clear-text. The need for interoperability and financial reduction triggered the evolution to open-standard TCP/IP networks, where clear-text communications are no longer safe and are putting the systems at a highly vulnerable level. One of the key essential elements is the privacy of data sets; they can be made publicly available and have the potential to be used for the development of security solutions. Therefore, the first problem to be tackled is the privacy optimization of Modbus/TCP packet fields. In the scientific literature, packet anonymization is performed according to attribute types (numerical, categorical and hierarchical), not taking into consideration the singular characteristics of the Modbus packet fields, using Euclidean distance algorithms that are not capable of dealing with binary data and may result in information loss. Another problematic aspect is related to the intrusion detection solutions that are based on machine learning cluster algorithms to learn systems’ specifications and extract general state-based rules for attack identification. Such an approach is highly dependent on the clustering algorithm parameterization, and is not capable of dealing with the normal system’s specification changes. Different parameterizations achieve different results, ending in high false positive alarms or misidentification of real intrusions. 
Based on these problems, the objectives of this research are, firstly, to propose SCADA Modbus/TCP packet fields’ privacy optimization using anonymization algorithms, increasing the privacy level and reducing information loss, and, secondly, to propose a State-Based IDS for attack identification, dedicated to SCADA Modbus/TCP in WDS, capable of extracting specific rules and dealing with the constant system specification changes, while reducing false positive rates and increasing accuracy. Experimental design and simulations are carried out through a quantitative approach, where the proposed solutions perform the anonymization of Modbus/TCP packet fields to achieve acceptable privacy levels for data set publication and propose a state-based IDS tailored to Modbus/TCP networks in WDS, taking advantage of a knowledge database and state-based rules’ language to control system states and constant specification changes. Experimental results show that our proposed privacy algorithm is able to work effectively in terms of privacy level (12.01 against 10.48), efficiency (2.74ms against 3.84ms) and scalability (470.15ms against 507.48ms), when dealing with multivariate traffic attributes. In relation to information loss, the proposed solution was able to achieve an average of 12.2% against 18.6% of the benchmark solution. Moreover, state-based IDS experimental results show a higher effectiveness in terms of true (99.50% against 95.75%), false positive rates (1.20% against 1.85%) and accuracy (98.70% against 93.68%), on the identification of attacks and intrusions. Overall, this research proposes a set of solutions to address privacy and security issues related to Modbus/TCP networks in WDS. The research work presented in this thesis is a significant step towards a safer SCADA WDS and public health.
format Thesis
qualification_level Doctorate
author Franco, Daniel Jose Da Graca Peceguina
title Privacy optimization and intrusion detection in modbus/tcp network-based scada in water distribution systems
granting_institution Universiti Putra Malaysia
publishDate 2021
url http://psasir.upm.edu.my/id/eprint/104013/1/FSKTM%202022%2014%20UPMIR.pdf
_version_ 1776100396616384512