Browsing by Author "Banda, Takudzwa Vincent"
- Item: Towards a supervised machine learning algorithm for cyberattacks detection and prevention in a smart grid cybersecurity system (Stellenbosch : Stellenbosch University, 2024-03). Banda, Takudzwa Vincent; Blaauw, Dewald; Watson, Bruce; Stellenbosch University. Faculty of Arts and Social Sciences. Dept. of Information Science.

  ENGLISH SUMMARY: Critical infrastructure cyberattacks have become a significant threat to national security worldwide. Adversaries exploit vulnerabilities in the communication networks, technologies, and protocols of smart grid SCADA networks to gain access to and control of power grids, causing blackouts. Despite the need to safeguard the reliable and stable operation of the grid against cyberattacks, simultaneously detecting and preventing attacks presents a significant challenge. To address this, a Kali Linux machine was connected to a smart grid SCADA network simulated in GNS3 to perform common cyberattacks. Wireshark was then deployed to capture network traffic for machine learning. Aiming to improve the detection and prevention of cyberattacks, the study proposed a dual-tasked ensemble supervised machine learning model, a combination of a Multi-Layer Perceptron Neural Network (MLPNN) and Extreme Gradient Boosting (XGBoost), that had an average accuracy of 99.60% and a detection rate of 99.48%. The first task of the model distinguishes between normal state and cyberattack modes of operation. The second task prevents suspicious packets from reaching the network destination devices. To accomplish this, the model uses the PowerShell command-line tool to dynamically apply packet filtering firewall rules based on its predictions. Therefore, the proposed model is both an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). The model was tested on new data, producing an accuracy of 99.19% and a detection rate of 98.95%.

  Furthermore, the model's performance was compared to existing proposed cyberattack detection models, and it consistently outperformed them on most datasets, demonstrating its superiority in terms of precision, accuracy, and recall/detection rate. Thus, the proposed model, with its function as a firewall, enhances the overall security capabilities of smart grid SCADA networks and significantly mitigates potential cyberattacks.