Date of Award
Summer 8-2017
Degree Type
Thesis
Degree Name
M.S.
Degree Program
Computer Science
Department
Computer Science
Major Professor
Dr. Irfan Ahmed
Second Advisor
Dr. Vassil Roussev
Third Advisor
Dr. Minhaz F. Zibran
Abstract
Most SCADA devices have a few built-in self-defence mechanisms and tend to implicitly trust communications received over the network. Therefore, monitoring and forensic analysis of network traffic is a critical prerequisite for building an effective defense around SCADA units. In this thesis work, We provide a comprehensive forensic analysis of network traffic generated by the PCCC(Programmable Controller Communication Commands) protocol and present a prototype tool capable of extracting both updates to programmable logic and crucial configuration information. The results of our analysis shows that more than 30 files are transferred to/from the PLC when downloading/uplloading a ladder logic program using RSLogix programming software including configuration and data files. Interestingly, when RSLogix compiles a ladder-logic program, it does not create any lo-level representation of a ladder-logic file. However the low-level ladder logic is present and can be extracted from the network traffic log using our prototype tool. the tool extracts SMTP configuration from the network log and parses it to obtain email addresses, username and password. The network log contains password in plain text.
Recommended Citation
Senthivel, Saranyan, "Automatic Forensic Analysis of PCCC Network Traffic Log" (2017). University of New Orleans Theses and Dissertations. 2394.
https://scholarworks.uno.edu/td/2394
Rights
The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.