M.S. Thesis Defense: Sowmya Bandari
Time: 1:30 pm – 2:30 pm
Schorr Center
Room: 112
1100 T St
Lincoln NE 68588
Additional Info: SHOR
Virtual Location: Zoom
“A Machine Learning Framework for Packet Anomaly Detection in Smart Grid Substation Networks”
The increasing reliance on the Smart Grid for electricity distribution has introduced new cybersecurity risks, particularly in Smart Grid Substation Networks. As technology advances, these networks become more vulnerable to cyber threats, with attacks on Supervisory Control and Data Acquisition (SCADA) systems posing significant risks to critical infrastructure. The IEC 60870-5-104 (IEC-104) protocol, widely used in SCADA systems, facilitates real-time communication between Remote Terminal Units (RTUs) and control centers. However, its inherent security limitations, such as the lack of encryption and authentication, make it a prime target for cyber attackers. Attackers use these vulnerabilities to disrupt grid operations, resulting in significant financial losses, system instability, and worldwide security concerns. Given SCADA's crucial role in grid operations, its security is important. This study provides an anomaly detection system to improve cybersecurity defenses for Smart Grid SCADA networks. Specifically, it addresses covert channel attacks on IEC-104, in which minor modifications to network packets allow malicious activity to bypass traditional intrusion detection systems. By instrumenting an open-source ICS emulator, we inject attacks into packet captures (PCAP) in order to introduce hidden anomalies. These subtle changes pose a serious threat to network integrity, even though they are frequently missed by conventional detection algorithms. To address these stealthy threats, we develop a machine learning-based detection framework that uses neural networks and multiple classifiers to detect even the smallest anomalies in packet structures. Feature extraction is centered on low-level network attributes and protocol-specific patterns, significantly improving detection accuracy.
This research contributes to enhancing cybersecurity resilience in SCADA networks by providing a proactive defense mechanism against evolving cyber threats in the Smart Grid infrastructure.
Committee
Dr. Byrav Ramamurthy, Advisor
Dr. Nirnimesh Ghose
Dr. Lisong Xu
This event originated in School of Computing.