Privacy optimization and intrusion detection in modbus/tcp network-based scada in water distribution systems

Water Distribution Systems (WDS) are now controlled and monitored by computational systems, constituting the primary management challenge from both an operational and public health standpoint. Modbus/TCP networks in WDS were initially developed to work based on a high availability and under closed-networks, where security was not an issue and communications were performed in clear-text. The need of interoperability and financial reduction, triggered the evolution to opened-standard TCP/IP networks, where clear-text communications are no longer safe and are putting the systems into a highlyvulnerable level. One of the key essential elements is the privacy of data sets; they can be turned publicly available and has potential to be use for the development of security solutions. Therefore, the first problem to be tackled is the privacy optimization of Modbus/TCP packet fields. In scientific literatures, packet anonymization is performed according to attribute types (numerical, categorical and hierarchical), not taking into consideration the singular characteristics of the Modbus packet fields, using Euclidean distance algorithms that are not capable to deal with binary data and may result in information loss. Another problematic aspect is related to the intrusion detection solutions that are based on machine learning cluster algorithms to learn systems’ specifications and extract general state-based rules for attacks identification. Such approach is highly dependable on the clustering algorithm parameterization, and is not capable to deal with the normal system’s specification changes. Different parameterizations achieve different results ending in high false positive alarms or miss-identification of real intrusions. Based on these problems, this research objectives are firstly to propose SCADA Modbus/TCP packet fields’ privacy optimization using anonymization algorithms, increasing the privacy level and reducing information loss, and, secondly, to propose a State-Based IDS for attacks identification, dedicated to SCADA Modbus/TCP in WDS, capable of extracting specific rules and deal with the constant system specification changes, while reducing false positive rates and increasing accuracy. Experimental design and simulations are carried out through a quantitative approach, where the proposed solutions perform the anonymization of Modbus/TCP packet fields to achieve acceptable privacy levels for data sets publication and proposes a state-based IDS tailored to Modbus/TCP networks in WDS, taking advantage of a knowledge database and state-based rules’ language to control on systems states and constant specification changes. Experimental results show that our proposed privacy algorithm is able to work effectively in terms of privacy level (12.01 against 10.48), efficiency (2.74ms against 3.84ms) and scalability (470.15ms against 507.48ms), when dealing with multivariate traffic attributes. In relation to information loss, the proposed solution was able to achieve an average of 12.2% against 18.6% of the benchmark solution. Moreover, state-based IDS experimental results show a higher effectiveness in terms of true (99.50% against 95.75%), false positive rates (1.20% against 1.85%) and accuracy (98.70% against 93.68%), on the identification of attacks and intrusions. Over all, this research proposes a set of solutions to address privacy and security issues related to Modbus/TCP networks in WDS. Research work presented in this thesis is a significant step towards a safer SCADA WDS and public health.

Text FSKTM 2022 14 UPMIR.pdf Download (875kB)

Actions (login required)

View Item