Towards a supervised machine learning algorithm for cyberattacks detection and prevention in a smart grid cybersecurity system

dc.contributor.advisor: Blaauw, Dewald (en_ZA)
dc.contributor.advisor: Watson, Bruce (en_ZA)
dc.contributor.author: Banda, Takudzwa Vincent (en_ZA)
dc.contributor.other: Stellenbosch University. Faculty of Arts and Social Sciences. Dept. of Information Science. (en_ZA)
dc.date.accessioned: 2024-01-30T16:43:08Z
dc.date.accessioned: 2024-04-27T00:03:37Z
dc.date.available: 2024-01-30T16:43:08Z
dc.date.available: 2024-04-27T00:03:37Z
dc.date.issued: 2024-03
dc.description: Thesis (MA)--Stellenbosch University, 2024. (en_ZA)
dc.description.abstract: ENGLISH SUMMARY: Critical infrastructure cyberattacks have become a significant threat to national security worldwide. Adversaries exploit vulnerabilities in communication networks, technologies, and protocols of smart grid SCADA networks to gain access and control of power grids, causing blackouts. Despite the need to safeguard the reliable and stable operation of the grid against cyberattacks, simultaneously detecting and preventing attacks presents a significant challenge. To address this, a Kali Linux machine was connected to a smart grid SCADA network simulated in GNS3 to perform common cyberattacks. Wireshark was then deployed to capture network traffic for machine learning. Aiming to improve the detection and prevention of cyberattacks, the study proposed a dual-tasked ensemble supervised machine learning model, a combination of Multi-Layer Perceptron Neural Network (MLPNN) and Extreme Gradient Boosting (XGBoost), that had an average accuracy of 99.60% and detection rate of 99.48%. The first task of the model distinguishes between normal state and cyberattack modes of operation. The second task prevents suspicious packets from reaching the network destination devices. Leveraging the PowerShell command-line tool to succeed, the model dynamically applies packet filtering firewall rules based on its predictions. Therefore, the proposed model is both an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS). The model was tested on new data, producing an accuracy of 99.19% and detection rate of 98.95%. Furthermore, the model's performance was compared to existing proposed cyber-attack detection models and consistently outperforms these proposed models on most datasets, demonstrating its superiority in terms of precision, accuracy, and recall/detection rate.
Thus, the proposed model, with its function as a firewall, enhances the overall security capabilities of the smart grid SCADA networks and significantly mitigates potential cyberattacks. (en_ZA)
dc.description.abstract: AFRIKAANS SUMMARY: Critical infrastructure cyberattacks have become a significant threat to national security worldwide. Adversaries exploit vulnerabilities in communication networks, technologies and protocols of smart grid SCADA networks to gain access to and control of power grids, causing outages. Despite the need to protect the reliable and stable operation of the grid against cyberattacks, detecting and preventing attacks at the same time presents a major challenge. To address this, a Kali Linux machine was connected to a smart grid SCADA network simulated in GNS3 to carry out common cyberattacks. Wireshark was then deployed to capture network traffic for machine learning. With the aim of improving the detection and prevention of cyberattacks, the study proposed a bilingual-process supervised machine learning model, a combination of Multi-Layer Perceptron Neural Network (MLPNN) and Extreme Gradient Boosting (XGBoost), which had an average accuracy of 99.60% and a detection rate of 99.48%. The first task of the model distinguishes between normal conditions and cyberattack modes of operation. The second task prevents suspicious packets from reaching the network destination devices. By making use of the PowerShell command-line tool to achieve success, the model dynamically applies packet-filtering firewall rules based on its predictions. The proposed model is both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). The model was tested on new data, which yielded an accuracy of 99.19% and a detection rate of 98.95%. Furthermore, the model's performance was compared with existing proposed cyberattack detection models and it consistently performs better than these proposed models on most datasets, demonstrating its superiority in terms of accuracy, accuracy and recall/detection rate.
The proposed model, with its function as a firewall, improves the overall security capabilities of the smart grid SCADA networks and significantly mitigates potential cyberattacks. (af_ZA)
dc.description.version: Masters
dc.format.extent: xix, 171 pages : illustrations, includes annexures
dc.identifier.uri: https://scholar.sun.ac.za/handle/10019.1/130615
dc.language.iso: en_ZA (en_ZA)
dc.publisher: Stellenbosch : Stellenbosch University
dc.rights.holder: Stellenbosch University
dc.subject.lcsh: Cyberinfrastructure -- Security measures (en_ZA)
dc.subject.lcsh: Cyberterrorism -- Prevention (en_ZA)
dc.subject.lcsh: Cyberinfrastructure -- Prevention (en_ZA)
dc.subject.lcsh: Smart power grids -- Security measures (en_ZA)
dc.subject.name: UCTD
dc.title: Towards a supervised machine learning algorithm for cyberattacks detection and prevention in a smart grid cybersecurity system (en_ZA)
dc.type: Thesis (en_ZA)
Files
Original bundle
Name: banda_towards_2024.pdf
Size: 5.17 MB
Format: Adobe Portable Document Format