Date of Graduation
5-2026
Description
Industrial control systems manage critical infrastructure such as power grids, water treatment plants, and manufacturing facilities. These systems rely on specialized network protocols to send measurements and commands between sensors, controllers, and operator workstations. Protecting these networks from cyberattacks is essential because a successful intrusion could disrupt services that millions of people depend on daily. Most current security monitoring approaches analyze copies of network traffic after it has already passed through the system. This delay means that malicious commands may reach their targets before any alarm is raised. More importantly, when alerts do occur, operators often lack the evidence needed to understand what happened and why, making it difficult to trust warnings or respond effectively.
This research develops an evidence-first approach to industrial network security. Rather than simply blocking suspicious traffic, the system treats every policy decision as an opportunity to generate a structured record that proves what the network observed and why a particular action was taken. Using a technology called P4, which allows network switches to be programmed with custom packet processing logic, I built a system that inspects industrial control traffic as it flows through the network. The system examines each packet and generates compact evidence records I call "postcards" that capture four types of context: identity and location information showing where packets came from and where they were going, protocol details extracted from the industrial control messages themselves, timing and performance measurements, and decision information documenting whether packets were allowed or blocked and the specific reason why.
The system organizes security capabilities into a tiered structure where each tier addresses a specific category of protection and can be extended as new threats emerge. The first tier covers access control, with current demonstrations including verification of authorized communication patterns. The second tier covers protocol correctness, currently demonstrating message structure and length validation. The third tier covers system availability and transaction integrity, with initial demonstrations including flood prevention and request-response matching. Two additional tiers are currently in development and will address operation-level policy enforcement and semantic validation of transmitted data values. This tiered design provides a repeatable pattern where each layer closes a specific category of security gaps while remaining open to additional capabilities within that category.
I built a laboratory testbed using software-based network emulation, programmable switches, and custom software that generates realistic traffic following the Modbus protocol commonly used in energy and manufacturing systems. Testing confirms that the system successfully detects invalid message formats, blocks unauthorized access attempts, and enforces transaction limits, generating corresponding evidence records for each decision.
This research contributes a practical framework that balances two goals often treated separately: stopping threats immediately and providing the evidence trail that operators need for investigation and response. The postcard approach ensures that enforcement decisions remain explainable and defensible. This combination could help protect critical infrastructure while giving operators the trustworthy information they need to act confidently.
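As an added illustration (not the thesis' code, which runs in P4 on the switch), the following Python model walks through the three demonstrated tiers on constructed Modbus/TCP frames and emits a postcard carrying the four context types for every decision: Tier 1 allow-listed flows, Tier 2 MBAP header and length validation, Tier 3 a per-source request budget and request-response matching by transaction id. The addresses, the budget of 3, the logical-clock stand-in for timing, and the reason strings are assumptions made for the example.

```python
# Added example, not the thesis' code: tiered Modbus/TCP inspection emitting
# postcard evidence records. Addresses and limits are constructed placeholders.
import struct
from collections import namedtuple

ALLOWED = {("10.0.0.1", "10.0.0.2"), ("10.0.0.2", "10.0.0.1")}  # HMI <-> PLC
FLOOD_LIMIT = 3  # requests admitted per source before Tier 3 drops the rest
# Four context types: identity (src,dst), protocol (tid,fc,unit), timing (seq),
# decision (action,reason). seq is a logical clock standing in for timestamps.
Postcard = namedtuple("Postcard", "src dst tid fc unit seq action reason")

def mbap(tid, fc, data=b"", unit=1, proto=0, length=None):
    """Build a Modbus/TCP frame; length covers unit id + PDU unless overridden."""
    pdu = bytes([fc]) + data
    length = len(pdu) + 1 if length is None else length
    return struct.pack(">HHHB", tid, proto, length, unit) + pdu

class Inspector:
    def __init__(self):
        self.seq, self.requests, self.pending = 0, {}, set()

    def inspect(self, src, dst, payload, is_request=True):
        self.seq += 1
        hdr = struct.unpack(">HHHB", payload[:7]) if len(payload) >= 8 else None
        tid, _proto, _length, unit = hdr if hdr else (-1, -1, -1, -1)
        fc = payload[7] if hdr else -1
        action, reason = self._decide(src, dst, payload, is_request, hdr)
        return Postcard(src, dst, tid, fc, unit, self.seq, action, reason)

    def _decide(self, src, dst, payload, is_request, hdr):
        if (src, dst) not in ALLOWED:                  # Tier 1: access control
            return "drop", "T1: flow not in allow-list"
        if hdr is None:                                # Tier 2: protocol correctness
            return "drop", "T2: truncated MBAP header"
        tid, proto, length = hdr[:3]
        if proto != 0:
            return "drop", "T2: protocol id must be 0"
        if length != len(payload) - 6:                 # length excludes tid/proto/len
            return "drop", "T2: length field disagrees with frame"
        if is_request:                                 # Tier 3: availability, integrity
            self.requests[src] = self.requests.get(src, 0) + 1
            if self.requests[src] > FLOOD_LIMIT:
                return "drop", "T3: request budget exceeded"
            self.pending.add((src, tid))
            return "forward", "T3: request admitted"
        if (dst, tid) not in self.pending:
            return "drop", "T3: response without matching request"
        self.pending.discard((dst, tid))
        return "forward", "T3: response matched to request"
```

Every frame, forwarded or dropped, yields one postcard, so an operator reviewing an alert sees the flow, the parsed header fields, the sequence position, and the tier rule that fired rather than a bare block event.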
Publication Date
2026
Document Type
Book
Degree Name
Bachelor of Science in Computer Science
Degree Level
Undergraduate
Department
Electrical Engineering and Computer Science
Advisor/Mentor
Jin, Kevin
Disciplines
Computer Sciences | Engineering
Keywords
Engineering
Citation
Fowler, H. (2026). P4 Driven Data Plane Analytics for Industrial Control Network Security. 2026 Research Poster Competition. Retrieved from https://scholarworks.uark.edu/hnrcsturpc26/70