Rishabh Das

Date of Award

2020

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Engineering

Committee Chair

Tommy Morris

Committee Member

David J. Coe

Committee Member

Earl Wells

Committee Member

Seong-Moo Yoo

Committee Member

Dalton S. Nelson

Subject(s)

Computer security--Industrial applications, Programmable controllers--Security measures, Programmable logic devices--Security measures

Abstract

Supervisory Control and Data Acquisition (SCADA) is a process control architecture with interconnected computers monitoring and controlling physical processes using sensors and actuators. SCADA manages large cyber-physical systems like water treatment, gas pipelines, oil terminals, and power systems. These processes use a decentralized computing architecture. Small ruggedized digital computers (programmable logic controllers or PLCs) adapted for the control of industrial processes perform the distributed control. These computers do not have security built into them and rely on external nodes for the detection of cyber-attacks. This dissertation introduces an embedded intrusion detection system (IDS) inside the PLCs. The embedded intrusion detection system detects anomalies related to the PLC's network traffic and abnormalities of the sensors and actuators in the physical process. Additionally, the embedded IDS has a peer-to-peer network to share system state among PLCs. The shared states allow the embedded IDS to detect the legitimacy of sensors connected to neighboring nodes. The evaluation of the intrusion detection framework needs a modular high fidelity SCADA testbed capable of reproducing large scale cascading events. Moreover, the framework should support the examination of the interdependencies between subsystems. Because such testbeds are lacking in the SCADA research community, this dissertation introduces a novel modeling and simulation approach by segmenting SCADA components into five segments. This technology is employed to replicate a virtual midstream oil terminal adhering to the American Petroleum Institute (API) standards. The virtual midstream oil terminal acts as a foundation for testing the intrusion detection framework and is one of the major contributions of this research. Hence, the contributions of this research are towards two primary domains related to SCADA cyber-security: a modular SCADA virtualization framework and an embedded intrusion detection system.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.