|
|
Java Implementation of DNP3 Protocol
Zárecký, Martin ; Šeda, Pavel (referee) ; Zeman, Kryštof (advisor)
The theoretical part of the bachelor thesis starts with IoT technologies, Human-toHuman and Machine-to-Machine communication schemes. It then goes into greater depth on industrial SCADA protocols and the DNP3 protocol. It continues with a detailed description of this protocol and also introduces the OpenMUC framework. In the practical part, a library of this protocol is also built, and an outstation is created that implements this library. The main part then consists of the OpenMUC framework into which we implement the DNP3 protocol. Finally, we build the communication between OpenMUC with DNP3 implemented and the DNP3 outstation.
|
|
|
Energy protocol recognition using artificial intelligence
Racka, Jan ; Holasová, Eva (referee) ; Bohačík, Antonín (advisor)
The master's thesis focuses on classification of secure network traffic of energy protocols using convolutional neural network. The theoretical part discusses the issues of neural networks and their use in network traffic classification. In addition, the energy protocols Modbus, IEC 104, TASE.2, DNP3, GOOSE, SMV, MMS, and the standard DLMS/COSEM are analyzed, including their security. In the subsequent practical part, a convolutional neural network is implemented to recognize the mentioned protocols in their secured versions. Unsecured traffic records from publicly available repositories and from traffic simulators of the mentioned protocols, and captured data in an energy polygon were used to train the neural network. TLS and GOOSE convertotrs were developed to obtain secured traffic, which ensured that the protocols using same security mechanisms were secured uniformly. The resulting secured traffic was preprocessed into a two-dimensional format and was presented as input to the neural network for learning. The input image was created from the application parts of packets of the energy protocol session and formatted to the 28 × 28 byte image. The resulting network accuracy on the test data was 95,75 %. Furthermore, the network was tested on real traffic in an energy polygon, where it correctly recognized several protocols. A classifier for the operational state of a station that communicates using IEC 104 secured with TLS was developed as part of a partial objective of the thesis. The task of the classifier was to recognize, using encrypted messages, the state of the tested station. The classifier consisted of a convolutional neural network, which were usinga two-dimensional image consisting of information from a sequence of five consecutive packets as input. The information consisted of the interarrival time between packets, the length of the TLS encrypted application data, and the encrypted application data up to size 64 B. To obtain enough data to train the convolutional network, a simulator of characteristic messages for each state was developed. The classifier showed an accuracy of 43,05 % on the test data after the learning phase. Next, the classifier underwent testing on the test stations, where it was able to distinguish normal state of the state from events, but could not distinguish certain events of similar nature from each other.
|
|
|
Emulation of Attacks on SCADA/ICS Communication
Grofčík, Peter ; Grégr, Matěj (referee) ; Matoušek, Petr (advisor)
The goal of this master's thesis is to emulate suitable network attacks on the control communication of ICS/SCADA systems with a subsequent design and implementation that can detect them. The first part of the work consists of categorization and acquaintance with individual types of attacks on industrial networks. Using classified datasets combined with a research of available datasets, in the next chapter I describe the selection of suitable attacks, which are at least indirectly related to control communication and are also feasible on virtual devices that are communicating using the IEC104 protocol, which I chose for my work. I then perform the selected attacks and record their progress in a set of PCAP files. Those files form the input for the next part that concerns anomaly detection using statistical methods.
|
|
|
Gathering information about industrial equipment using a search engine
Danko, Krištof ; Fujdiak, Radek (referee) ; Pospíšil, Ondřej (advisor)
The work is focused on operating technologies, specificaly on the security of PLC (programmable logic controller), and obtaining information using device search engines. The types and parts of industrial networks, which are the main segment of operational technologies, and the search engines such as Shodan, Censy, BinaryEdge, and Zoomeye are described. These search engines are compared based on available information and industry protocols Siemens S7, Modbus, Ethernet / IP, and DNP3. In addition to comparing search engines, this work aims to create an application that can download results from the Shodan search engine via the Shodan API and store them in a database. Another point of work is the connection of own PLC, to determine the time of PLC appearing in search engines.
|
|
|
Appropriate strategy for security incident detection in industrial networks
Kuchař, Karel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This diploma thesis is focused on problematics of the industrial networks and offered security by the industrial protocols. The goal of this thesis is to create specific methods for detection of security incidents. This thesis is mainly focused on protocols Modbus/TCP and DNP3. In the theoretical part, the industrial protocols are described, there are defined vectors of attacks and is described security of each protocol. The practical part is focused on the description and simulation of security incidents. Based on the data gathered from the simulations, there are identified threats by the introduced detection methods. These methods are using for detecting the security incident an abnormality in the network traffic by created formulas or machine learning. Designed methods are implemented to IDS (Intrusion Detection System) of the system Zeek. With the designed methods, it is possible to detect selected security incidents in the destination workstation.
|
|
|
Simulator of SCADA protocols
Bohačík, Antonín ; Mlýnek, Petr (referee) ; Blažek, Petr (advisor)
This work is focused on creation of fully functional communication generator of IEC 60870-5-104 protocol. The theoretical part explains in detail the basic principles, properties and possibilities of communication standards DNP3, IEC 60870 and IEC 61850. The next part is focused on the analysis of communication and implementation of this communication in the PQ MEg44PAN device. The last part deals with the configuration of Raspberry Pi 3 devices and the communication emulation of the IEC 60870-5-104 protocol. All programs were written and tested using the Clion development environment.
|
|
|
Traffic generator of industrial protocols
Šnajdr, Václav ; Blažek, Petr (referee) ; Martinásek, Zdeněk (advisor)
This bachelor thesis deals with generating data traffic of industrial SCADA protocols and their implementation into JMeter tool. This tool can be expanded with plugins. Three protocols DNP3, IEC61850 and IEC60870-5 are described in the theoretical part. The practical part is devoted to the design and implementation of the DNP3 protocol module and partly to the design of the IEC61850 protocol. The DNP3 module has been functionally tested. There is also an attempt to obtain the TASE.2 library.
|
|
|
Security assessment for industrial protocols
Priščák, Jaroslav ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This bachelor thesis is focused on security verification of selected protocols used in ICS/SCADA systems. The theoretical part explains the basic principles of the division and management of SCADA systems. Consequently on their communication using protocols (MODBUS, DNP 3, IEC 60870-5-104 and IEC 61850) and their capabilities. In the next chapter, the thesis deals with the analysis of these protocols in terms of security and design methods for their verification. The selected protocols were DNP3 and IEC 60870-5-104, which deal with the work of next parts. Virtualized network, which was simulated using the selected communication protocol DNP3 and IEC 60870-5-104 was created. Subsequently, the security of the protocols was tested using the developed tools and the Kali Linux virtual machine. In the last chapter, the thesis deals with mitigation measures on these created attacks.
|
|
|
An Analysis of Smart Grid Communication Protocols
Sobotka, Lukáš ; Grégr, Matěj (referee) ; Ryšavý, Ondřej (advisor)
This work deals security of SCADA industry systems which are used in energetic networks. It describes architecture of those systems and also analyze in details two communication protocols -- DNP3 and IEC 60870-5-104. Next part is devoted to the analysis of anomaly and security threats which can be happen in SCADA systems. The main goal of this work is design and implementation of system which will be able to detect some of threats or anomalies. Also is necessary to propose simulation environment for testing.
|
|
|
Simulator of SCADA protocols
Studený, Radim ; Fujdiak, Radek (referee) ; Blažek, Petr (advisor)
This work describes DNP3, IEC-60870, IEC-61850 communication protocols and their implementing in SCADA systems. It further describes communication of these protocols between RaspberryPi as a slave device and Personal Computer as a master device.
|
guest ::
