Towards Accurate and Reliable Industrial Intrusion Detection Systems Using Shadow Replicas
| dc.contributor.author | Nwodo, Kenechukwu Anthony | en |
| dc.contributor.committeechair | Stavrou, Angelos | en |
| dc.contributor.committeemember | Wang, Haining | en |
| dc.contributor.committeemember | Ampadu, Paul K. | en |
| dc.contributor.department | Electrical and Computer Engineering | en |
| dc.date.accessioned | 2026-03-03T19:27:03Z | en |
| dc.date.available | 2026-03-03T19:27:03Z | en |
| dc.date.issued | 2023-05-10 | en |
| dc.description.abstract | Supervisory Control and Data Acquisition (SCADA) systems manage the operations of a plethora of safety-critical industrial control systems. Due to their sensitive nature, SCADA systems have been the target of adversaries employing a wide range of attacks. This thesis proposes an approach to protect SCADA systems against attacks that evade detection because of the lack of a comprehensive view of both application and network-layer responses. Specifically, we leverage multiple open-source Network Intrusion Detection Systems (NIDSs) paired with a SCADA shadow replica to provide both network and application threat detection. The shadow replica is augmented with a Finite State Machine (FSM) to compute the anticipated states of both the SCADA system and connected devices. Isolated from the operational network, it is protected from direct front-end attacks. When the SCADA system becomes compromised, even without an IDS alert, the replica can expose the attack and offer an operational failover. We implement a prototype of our system and evaluate it against locally executed attacks on commercial out-of-the-box devices and public IoT datasets. Results indicate that incorporating the shadow replica alongside NIDSs can enhance detection coverage in our evaluations. | en |
| dc.description.abstractgeneral | As the number of network-enabled industrial control devices and sensors increases, so does the importance of the central systems that control them, known as Supervisory Control and Data Acquisition (SCADA) systems. This interconnectedness, however, has led to a rise in cyberattacks attempting to breach these critical devices. This thesis proposes a novel approach to protect SCADA systems from threats that exploit specific network behaviors. We pair network monitoring tools such as Network Intrusion Detection Systems (NIDSs) with a shadow replica, which acts as a digital mirror of the system. To track the states of the system and protect the shadow replica from direct attacks, we utilize a mathematical model called Finite State Machines (FSMs). We designed and implemented this system by integrating commercial sensors with an open source SCADA controller. Our experiments show that using a shadow replica provides an additional layer of defense against these attacks. | en |
| dc.description.degree | Master of Science | en |
| dc.format.medium | ETD | en |
| dc.format.mimetype | application/pdf | en |
| dc.identifier.uri | https://hdl.handle.net/10919/141648 | en |
| dc.language.iso | en | en |
| dc.publisher | Virginia Tech | en |
| dc.rights | In Copyright | en |
| dc.rights.uri | http://rightsstatements.org/vocab/InC/1.0/ | en |
| dc.subject | Shadow Replica | en |
| dc.subject | Intrusion Detection | en |
| dc.subject | Supervisory Control and Data Acquisition | en |
| dc.title | Towards Accurate and Reliable Industrial Intrusion Detection Systems Using Shadow Replicas | en |
| dc.type | Thesis | en |
| dc.type.dcmitype | Text | en |
| thesis.degree.discipline | Computer Engineering | en |
| thesis.degree.grantor | Virginia Polytechnic Institute and State University | en |
| thesis.degree.level | masters | en |
| thesis.degree.name | Master of Science | en |