Amr El Zifzaf

Publication Date


Advisor(s) - Committee Chair

Mostafa Mostafa, Uta Ziegler, Ahonghang Xia


Access granted to WKU students, faculty and staff only.

After an extensive unsuccessful search for the author, this thesis is considered an orphan work, which may be protected by copyright. The inclusion of this orphan work on TopScholar does not guarantee that that orphan work may be used for any purpose and any use of the orphan work may subject the user to a claim of copyright infringement. The reproduction of this work is made by WKU without any purpose of direct or indirect commercial advantage and is made for purposes of preservation and research.

See also WKU Archives - Authorization for Use of Thesis, Special Project & Dissertation

Degree Program

Department of Computer Science

Degree Type

Master of Science


The use of Supervisory Control and Data Acquisition (SCADA) Distributed Control Systems (DCS) in industrial infrastructures has been rapidly growing. SCADA networks, being considerably sophisticated, already have much vulnerability. Many ways have been introduced to avoid those vulnerabilities. However, with introducing the usage of Internet as a communication medium, new vulnerability risks of transferring data have evolved. Those risks have been approached by many techniques involving intrusion detection. Most of the existing security systems used for SCADA networks are based upon notorious attacks signatures, but these detection methods lack protection against unknown attacks. In an attempt to complete the missing parts of the puzzle of vulnerability, we introduce a new approach. The new approach, uses anomaly intrusion detection through the DNP3 protocol. The method used integrates the analysis of traffic behavior over time and detecting anomalies within this behavior.


Computer Sciences | Physical Sciences and Mathematics