A Formal Method for Intrusion Detection in Industrial Control Protocols
Abdi, Hamid Reza | 2014
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 46309 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Izadi, Mohammad
- Abstract:
- SCADA controls, audits and accesses data, but the term is attributed only to controlling and carrying out measurements on a large scale. In SCADA, the gathering of information starts from the PLC and, after interpretation, the data is converted into a format that can be shown to the user in the control room. In a SCADA system, many protocols, such as DNP3, Profibus and Modbus, are used to exchange information among logical controller units. Many of these protocols have been upgraded and are now used over the Internet. Their use over the Internet has made SCADA vulnerable to Internet hackers. Consequently, securing SCADA systems is essential for nationally sensitive structures. The goal of this thesis is to present and potentially implement a method to detect intrusions in industrial control protocols. A hybrid IDS has been designed and applied that uses both state-based and anomaly-based detection. The state-based IDS relies on the assumption that the attacker's goal is to change the state of the system to a critical one. By considering the evolving path of the system and finding a potential critical state, it becomes possible to detect threats automatically. In the anomaly-based method, a visual method is used to model the flow of network packets. In this approach, the sighting of packets in the SCADA network is modeled with a developed deterministic finite automaton. Additionally, Markov chains are used to determine the probabilities of the automaton's edges, which strengthens the system's ability to make decisions about the state of the system. In this thesis, a lab structure is evaluated and tested. The results show that the combination of the state-based and anomaly-based methods is better than either of them separately.
- Keywords:
- Markov Chain ; Programmable Logic Controller (PLC) ; Formal Methods ; Intrusion Detection System ; Supervisory Control and Data Acquisition (SCADA) ; Deterministic Finite Automaton (DFA)