University of Twente Student Theses

Login

Traffic filtering based on subsystem component state

Diallo, A.O. (2017) Traffic filtering based on subsystem component state.

[img] PDF
1MB
Abstract:Firewalls while able to filter traffic for which they have rules for are susceptible to allowing traffic that could have negative impacts on the state of an industrial control system (ICS). In order to be able to block traffic that looks legitimate but may cause the ICS system to go into unwanted states the firewall needs to consider the current state of the system and how the traffic may change this state. In this thesis the 1996 IEEE 24 bus one area reliability test system and the IEC 60870-5-104 protocol are used to represent an ICS power system and the traffic format respectively. Two methods, minimum and maximum bus connections, and branch power correlations, are used to define critical components that provide information about the ICS system. These critical components are modeled within the firewall and checked for violations whenever traffic that can change the system, identified through inspection of fields in the IEC 60870-5-104 protocol, is processed. The false positive and negative rates, and accuracy of the firewall are evaluated for different cases where critical components are identified by one of the two methods. Results from this thesis show that using branch power correlations to identify critical components and incorporating that information into the model helps to filter out traffic but can be improved with the addition of correlations between bus voltages.
Item Type:Essay (Master)
Clients:
Compumatica Secure Networks, Uden, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:https://purl.utwente.nl/essays/73261
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page