Computer Science and Engineering, Department of

Computer Science, Computer Engineering, and Bioinformatics: Dissertations, Theses, and Student Research
First Advisor
Byrav Ramamurthy
Committee Members
Nirnimesh Ghose, Lisong Xu
Date of this Version
5-2025
Document Type
Thesis
Citation
A thesis presented to the faculty of the Graduate College at the University of Nebraska in partial fulfillment of requirements for the degree of Master of Science
Major: Computer Science
Under the supervision of Professor Byrav Ramamurthy
Lincoln, Nebraska: May, 2025
Abstract
The increasing reliance on Smart Grid Substation Networks for efficient electricity distribution has amplified cybersecurity vulnerabilities, particularly within Supervisory Control and Data Acquisition (SCADA) systems. The IEC 60870-5-104 (IEC-104) protocol, widely adopted for communication between Remote Terminal Units (RTUs) and Human-Machine Interfaces (HMIs), lacks inherent encryption and authentication mechanisms, rendering it susceptible to sophisticated cyberattacks. Threats such as False Data Injection Attacks (FDIAs), command injection, covert attacks, and replay attacks pose significant risks by manipulating grid control signals, potentially leading to undetected operational disruptions, cascading failures, or system-wide instability. Conventional signature-based Intrusion Detection Systems (IDS) often fail to identify zero-day exploits and adaptive adversarial strategies, underscoring the need for advanced security measures in IEC-104-based SCADA networks.
This research addresses these vulnerabilities through two approaches, both centered on IEC-104 packet data. The first challenge involves designing a comprehensive experimental setup to generate IEC-104 traffic patterns, followed by the injection of malicious data to simulate attack scenarios. This synthetic dataset is used to train and evaluate multiple machine learning models, such as Random Forest, XGBoost, and a hybrid Convolutional Neural Network with Long Short-Term Memory (CNN-LSTM), to detect anomalies with high accuracy. The second challenge involves leveraging a real-world IEC-104 dataset encompassing diverse attack scenarios, employing the same suite of models (Random Forest, XGBoost, and LSTM) to classify malicious activities. Although both datasets focus on IEC-104 packets, they differ in feature composition, enabling a robust assessment of model performance across varied contexts. By tackling these challenges, this study develops and validates a scalable, intelligent IDS framework, enhancing real-time detection capabilities and providing a tailored defense against evolving threats in Smart Grid communication networks.
Advisor: Byrav Ramamurthy
Comments
Copyright © 2025, Sowmya Bandari. Used by permission.