Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

Formulation of nuclear power plant testbed and deep learning based anomaly detection mechanism for Industrial Control Systems

Panicker, Sanil (2021) Formulation of nuclear power plant testbed and deep learning based anomaly detection mechanism for Industrial Control Systems. PhD thesis, Murdoch University.

[img]
PDF - Whole Thesis
Embargoed until 2099.

Abstract

Supervisory control and data acquisition, or SCADA systems, drive mission critical production plant operations across the globe, controlling their operation at a fundamental level. The vast majority of existing plants are implemented with the communication protocol Modbus TCP, which is known to be vulnerable. Unfortunately, the governing control system network, which is the core of SCADA systems, lacks effective anomaly detection mechanisms. Furthermore, as the control system network often consists of disparate programmable logical controllers (PLC's) from various vendors, it lacks a comprehensive security mechanism that monitors data communication from one PLC to another. This means that the devices communicate with no form of authentication, allowing for the infiltration of anomalies across devices in the control system network. Moreover, traditional anomaly detection methods that may be implemented to address this issue, such as signature based intrusion detection systems or firewalls, often exhibit an inability to properly detect modern day payload attacks in the control system network. Therefore, using vulnerable communication protocols amplifies the rate of attacks against critical plants, allowing hackers to derive new access pathways to sensitive networks, confidential data and thus cause damage to critical plant processes.

This thesis aims to design a semi-supervised anomaly detection model grounded in artificial intelligence, in order to defend network and payload attacks targeted at process control networks in industrial control systems. We leverage the power of deep learning algorithms to develop a versatile anomaly detection architecture that can supplement the existing control system network to efficiently detect attacks. The ‘supplementary’ approach enables plant operators to safeguard million-dollar assets without having to overhaul hardware, software, and cause downtime. Furthermore, due to the critically time-sensitive nature of process control communication, our anomaly detection model is efficient in that, (i) it effectively detects all network and payload attacks, and takes immediate corrective action, and (ii) predictions are made within a sustainable timeframe.

The major contributions of this thesis are as follows. We construct an experimental architecture of a nuclear power plant testbed that practically utilises industrial standard programmable logical controllers (PLC) and GE proficy SCADA. Contemporary security mechanisms were replicated in the testbed to ensure that the testbed has a basic resemblance to a modern nuclear power plant in a production environment. Three renowned forms of attacks; Man-In-The-Middle, authentication and DoS; are successfully applied to this secured testbed to expose the vulnerabilities of Modbus TCP protocol. Our experiments demonstrate possible pathways, common vulnerabilities, magnitude of attacks and their devastating consequences to plant operations.

Next, a deep learning based anomaly detection model, Encoder.H5, is created, that can detect anomalous data in control system networks, securing the system against malicious attacks. Within the Purdue security architecture, the Encoder.H5 is placed at the entry point of the control system network as a prevention mechanism, as well as within the control system network as an alert mechanism. Thus, it is demonstrated how Encoder.H5 can supplement an existing control system network, and its effectiveness and applicability to all forms of plant systems is evaluated using proven methodologies.

Item Type: Thesis (PhD)
Murdoch Affiliation(s): IT, Media and Communications
Supervisor(s): Murray, David, Wong, Kevin and Fung, Lance
URI: http://researchrepository.murdoch.edu.au/id/eprint/63539
Item Control Page Item Control Page