Computer Science and Engineering, Department of

 

Computer Science, Computer Engineering, and Bioinformatics: Dissertations, Theses, and Student Research

First Advisor

Byrav Ramamurthy

Committee Members

Nirnimesh Ghose, Lisong Xu

Date of this Version

5-2025

Document Type

Thesis

Citation

A thesis presented to the faculty of the Graduate College at the University of Nebraska in partial fulfillment of requirements for the degree of Master of Science

Major: Computer Science

Under the supervision of Professor Byrav Ramamurthy

Lincoln, Nebraska: May, 2025

Comments

Copyright © 2025, Sowmya Bandari. Used by permission

Abstract

The increasing reliance on Smart Grid Substation Networks for efficient electricity distribution has amplified cybersecurity vulnerabilities, particularly within Supervisory Control and Data Acquisition (SCADA) systems. The IEC 60870-5-104 (IEC-104) protocol, widely adopted for communication between Remote Terminal Units (RTUs) and Human-Machine Interfaces (HMIs), lacks inherent encryption and authentication mechanisms, rendering it susceptible to sophisticated cyberattacks. Threats such as False Data Injection Attacks (FDIAs), command injection, covert attacks, and replay attacks pose significant risks by manipulating grid control signals, potentially leading to undetected operational disruptions, cascading failures, or system-wide instability. Conventional signature-based Intrusion Detection Systems (IDS) often fail to identify zero-day exploits and adaptive adversarial strategies, underscoring the need for advanced security measures in IEC-104-based SCADA networks.

This research addresses these vulnerabilities through two approaches, both centered on IEC-104 packet data. The first challenge involves designing a comprehensive experimental setup to generate IEC-104 traffic patterns, followed by the injection of malicious data to simulate attack scenarios. This synthetic dataset is used to train and evaluate multiple machine learning models, such as Random Forest, XGBoost, and a hybrid Convolutional Neural Network with Long Short-Term Memory (CNN-LSTM), to detect anomalies with high accuracy. The second challenge involves leveraging a real-world IEC-104 dataset encompassing diverse attack scenarios, employing the same suite of models (Random Forest, XGBoost, and LSTM) to classify malicious activities. Although both datasets focus on IEC-104 packets, they differ in feature composition, enabling a robust assessment of model performance across varied contexts. By tackling these challenges, this study develops and validates a scalable, intelligent IDS framework, enhancing real-time detection capabilities and providing a tailored defense against evolving threats in Smart Grid communication networks.

Advisor: Byrav Ramamurthy
