Abstract:
The vital role Supervisory Control and Data Acquisition (SCADA) systems play in controlling the modern infrastructure, along with the rapid evolution of these systems have turned them into one of the most desired targets for malicious attackers. Moreover, SCADA-specific attacks are getting more sophisticated, and yet security measures are deployed at a very slow pace. In this work, we assess the security features of the SCADA components and protocols, by building a test-bed and conducting known attacks from general-purpose computer systems, and SCADA-specific attacks. We show how to bypass some security features of SCADA protocols, in order to manipulate the SCADA components, and eventually reprogram them. Our results indicate that SCADA systems are relatively easy to tamper with, and that security measures are therefore crucial to ensure the safety of such systems. Furthermore, we develop a SCADA-specific Intrusion Detection System (IDS) that learns the normal behavior of the SCADA network traffic, and then raises alarms when abnormal behaviors are identified. The IDS is able to detect attacks such as injection, man-in-the-middle, and drop attacks, with high detection rates while keeping the false alarms at a minimum.
Description:
Thesis (M.E.)-- American University of Beirut, Department of Electrical and Computer Engineeering, 2013.
Advisor : Dr. Ayman Kayssi, Professor, Electrical and Computer Engineering ; Co-Advisor : Dr. Ali Chehab, Associate Professor, Electrical and Computer Engineering ; Committee Member : Dr. Imad Elhajj, Associate Professor, Electrical and Computer Engineering.
Includes bibliographical references (leaves 69-72)