|
|
Automata Learning for Fast Detection of Anomalies in Network Traffic
Hošták, Viliam Samuel ; Matoušek, Petr (referee) ; Holík, Lukáš (advisor)
The focus of this thesis is the fast network anomaly detection based on automata learning. It describes and compares several chosen automata learning algorithms including their adaptation for the learning of network characteristics. In this work, various network anomaly detection methods based on learned automata are proposed which can detect sequential as well as statistical anomalies in target communication. For this purpose, they utilize automata's mechanisms, their transformations, and statistical analysis. Proposed detection methods were implemented and evaluated using network traffic of the protocol IEC 60870-5-104 which is commonly used in industrial control systems.
|
|
|
Application for Statistical Analysis of ICS Communication
Chimenti, Andrea ; Bartík, Vladimír (referee) ; Burgetová, Ivana (advisor)
This work aims to present the design and implementation of an application for statistical analysis of network traffic in ICS (Industrial Control Systems) communication. In the first place, the work presents Industrial Control Systems and some of their most common protocols. The protocol IEC 104 is described in more detail. This is followed by an introduction to the basic methods of descriptive statistics, that can be used to analyze industrial communication. For this purpose, several CSV datasets, that capture fragments of industrial communication, have been used. These datasets are used to show how some of the previously described statistical methods can be used. The work then describes the implementation of an application, which allows to analyze the datasets and obtain various statistics and a visual representation of the data. The main objective of the application is to make it easier for the user to find stable characteristics that can be used for anomaly and attack detection. Finally, the benefits that the application brings are demonstrated on a set of datasets containing different types of attacks.
|
|
|
Simulation of communication part of modern industrial networks
Beneš, Pavel ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
The thesis is focused on simulating of protocols from standard IEC 61850 in simulation tool OMNeT++. The theoretical part in the thesis deals with description of the field of operating technologies, supervisory control and data acquisition and protocols Tase-2/ICCP, IEC 61850, IEC 60870-5-104, DNP 3 and DLMS/COSEM. Next part deals with parameters influencing connection and description of simulation tools NS2/NS3, OPNET and OMNeT++. In the practical part there is created a network containing protocols from the standard IEC 61850 in the simulation program OMNeT++. Then in the network a end to end delay and packet loss with increasing traffic is measured.
|
|
|
Description and testing of communication protocols IEC 60870-5-103 and 60870-5-104
Pekárek, Dominik ; Mičulka,, Petr (referee) ; Sumec, Stanislav (advisor)
This thesis is focused on testing of communication protocols IEC 60870-5-103 and IEC 60870-5-104. Theoretical part of the thesis describes basic principles, services and possibilities of both communication protocols. Practical part of the thesis deals with configuration of the IEC 60870-5-103 communication standard of protective terminal REF630. PCVDEW6 tool was used to test this communication protocol. Next part of the thesis is focused on convertion of the communication standard IEC 61850 to IEC 61870-5-104 using control system COM600. The testing of both communication protocols was carried out in the laboratory of the protection relays on the testing panels at ABB Brno.
|
|
|
Energy testbed security
Zatloukal, Zdeněk ; Blažek, Petr (referee) ; Bohačík, Antonín (advisor)
The topic of the thesis is focused on the energy testbed security. The main objective of the work is the implementation of secure data communication of IEC 60870-5-104 protocol in the transmission system testbed according to the standard ČSN EN 62351. Furthermore, a comparison of secured and unsecured communication is included with testing of selected vulnerabilities. Subsequently, control functions related to testbed security were implemented in the control interface.
|
|
|
Intelligent systems of mass data acquisition in power grids
Krejčír, Ľuboš ; Koutný, Martin (referee) ; Mišurec, Jiří (advisor)
This paper is describing the issues of data collection in power distribution networks. It discusses the posibilities of data communication over wide area networks using the communication protocol IEC 60870-5-104, used in power distribution systems for transmission of information over IP networks. Thesis presents 4 technologies, suitable for data collection, with respect to the use of existing infrastructure of the utility. It focuses on design of appropriate data types in correspondence with used IEC 60870-5-104 protocol, and estimates the minimum data requirements for transmission, through proposed hierarchical network, with collecting data concentrators. For verification of given design, simulations are carried out based on proposed data loads with subsequent analysis of network load and transmission delays. Consequently, the results are analyzed and selected parts of network optimized for improvement od selected results, of which causes of formation are discussed in debate.
|
|
|
Security assessment for industrial protocols
Priščák, Jaroslav ; Blažek, Petr (referee) ; Fujdiak, Radek (advisor)
This bachelor thesis is focused on security verification of selected protocols used in ICS/SCADA systems. The theoretical part explains the basic principles of the division and management of SCADA systems. Consequently on their communication using protocols (MODBUS, DNP 3, IEC 60870-5-104 and IEC 61850) and their capabilities. In the next chapter, the thesis deals with the analysis of these protocols in terms of security and design methods for their verification. The selected protocols were DNP3 and IEC 60870-5-104, which deal with the work of next parts. Virtualized network, which was simulated using the selected communication protocol DNP3 and IEC 60870-5-104 was created. Subsequently, the security of the protocols was tested using the developed tools and the Kali Linux virtual machine. In the last chapter, the thesis deals with mitigation measures on these created attacks.
|
|
|
An Analysis of Smart Grid Communication Protocols
Sobotka, Lukáš ; Grégr, Matěj (referee) ; Ryšavý, Ondřej (advisor)
This work deals security of SCADA industry systems which are used in energetic networks. It describes architecture of those systems and also analyze in details two communication protocols -- DNP3 and IEC 60870-5-104. Next part is devoted to the analysis of anomaly and security threats which can be happen in SCADA systems. The main goal of this work is design and implementation of system which will be able to detect some of threats or anomalies. Also is necessary to propose simulation environment for testing.
|
|
|
Generic Flow Analysis in Computer Networks
Jančová, Markéta ; Holkovič, Martin (referee) ; Kolář, Dušan (advisor)
Tato práce se zabývá problematikou popisu síťového provozu pomocí automaticky vytvořeného modelu komunikace. Hlavním zaměřením jsou komunikace v řídicích systémech , které využívají speciální protokoly, jako je například IEC 60870-5-104 . V této práci představujeme metodu charakteristiky síťového provozu z pohledu obsahu komunikace i chování v čase. Tato metoda k popisu využívá deterministické konečné automaty , prefixové stromy a analýzu opakovatelnosti. Ve druhé části této diplomové práce se zaměřujeme na implementaci programu, který je schopný na základě takového modelu komunikace verifikovat síťový provoz v reálném čase.
|
|
|
Application for Statistical Analysis of ICS Communication
Chimenti, Andrea ; Bartík, Vladimír (referee) ; Burgetová, Ivana (advisor)
This work aims to present the design and implementation of an application for statistical analysis of network traffic in ICS (Industrial Control Systems) communication. In the first place, the work presents Industrial Control Systems and some of their most common protocols. The protocol IEC 104 is described in more detail. This is followed by an introduction to the basic methods of descriptive statistics, that can be used to analyze industrial communication. For this purpose, several CSV datasets, that capture fragments of industrial communication, have been used. These datasets are used to show how some of the previously described statistical methods can be used. The work then describes the implementation of an application, which allows to analyze the datasets and obtain various statistics and a visual representation of the data. The main objective of the application is to make it easier for the user to find stable characteristics that can be used for anomaly and attack detection. Finally, the benefits that the application brings are demonstrated on a set of datasets containing different types of attacks.
|
guest ::
