Real-Time Cyberattack Detection, Diagnosis and Behaviour Forecast on an Offshore Refrigeration System with LSTM: Real-Time Detection and Diagnosis of Cyberattacks on the Modbus TCP/IP communication between a Refrigeration System and SCADA and Forecast of the System Behaviour in an Offshore Platform using LSTM
Translated title
Real-Time Cyberattack Detection, Diagnosis and Behaviour Forecast on an Offshore Refrigeration System with LSTM
Author
Soster Ramos, Ligia
Term
4. semester
Education
Publication year
2023
Submitted on
2023-05-30
Pages
56
Abstract
This project examines how to detect and diagnose cyberattacks in offshore control systems, focusing on Modbus TCP/IP communication between refrigeration units and SCADA (supervisory control and data acquisition) systems. The goal is to detect attacks quickly and to predict system behavior using neural networks. Five Long Short-Term Memory (LSTM) neural networks—designed for time-series data—were built and tested: three to classify operational signals as healthy or as one of four cyberattack types, and two to forecast room temperature 5 hours after an attack is detected. Each network used different solvers, architectures, and hyperparameters to compare design choices. The classification networks categorized 100 datasets into healthy or cyberattack scenarios, and the forecasting networks predicted room temperature with RMSE values of 0.17 and 0.19 (lower is better). These results suggest that combining classification and forecasting can support more robust cybersecurity for offshore industrial control systems and point to opportunities for further improvements.
Dette projekt undersøger, hvordan man kan opdage og diagnosticere cyberangreb i offshore styringssystemer med fokus på Modbus TCP/IP-kommunikation mellem køleanlæg og SCADA (overvågnings- og dataopsamlingssystemer). Målet er både at finde angreb hurtigt og at forudsige, hvordan systemet reagerer, ved hjælp af neurale netværk. Fem Long Short-Term Memory (LSTM) neurale netværk—en type maskinlæring egnet til tidsserier—blev designet og afprøvet: tre til at klassificere driftssignaler som enten sunde eller som én af fire typer cyberangreb, og to til at forudsige rumtemperatur 5 timer efter, at et angreb er blevet opdaget. Hvert netværk anvendte forskellige løsere, arkitekturer og hyperparametre for at sammenligne designvalg. Klassifikationsnetværkene klassificerede 100 datasæt i sunde eller angrebsscenarier, og forudsigelsesnetværkene estimerede rumtemperaturen med RMSE-værdier på 0.17 og 0.19 (lavere er bedre). Resultaterne peger på, at en kombination af klassifikation og forudsigelse kan styrke cybersikkerheden i offshore industrielle kontrolsystemer og åbner for videre forbedringer.
[This apstract has been rewritten with the help of AI based on the project's original abstract]
Keywords
LSTM ; Cyberattack ; Offshore ; Refrigeration ; HVAC ; Classification ; Regression ; Forecast