Evaluate the Effectiveness of "off-the-shelf" Intrusion Detection and Prevention Systems in protecting Critical National Infrastructure against common cyberattacks

Liban Ahmed


Supervised by Andrew Hood; Moderated by Amir Javed

I have created a test bed network of virtual machines consisting of an Attacker VM loaded with my attacking scripts, a Poll VM which mimics a key ICS control station by using QModBus to send instructions to the slave, and a Slave VM which runs ModbusPal and mimics an ICS environment with four coils that turn functionality on or off.

The two trusted devices on the network are the Poll and Slave VMs. The Attacker VM (Kali Linux) acts as a network intruder and can send attacks directly to the Poll and Slave VMs. The network is for the attacker, for the Poll and for the Slave VM.

A range of cyber attacks is sent to the Poll and Slave VMs, mimicking a real cyber attack on an ICS environment. Two IDPS solutions, Snort and Suricata, are installed to alert on and protect the environment, and their effectiveness in protecting this kind of environment is monitored and compared.
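The core detection problem in this test bed is telling a legitimate coil write from the Poll VM apart from the same write sent by the attacker. The following Python is an added illustration of that check, not code from the report or from Snort/Suricata: it encodes Modbus/TCP Write Single Coil requests, parses the MBAP header and function code, and flags any write-class function (0x05, 0x06, 0x0F, 0x10) whose source is not the trusted master. The IP addresses, the allowlist and the sample traffic are hypothetical and constructed for the example.

```python
"""Modbus/TCP write detection for a poll/slave/attacker test bed (added example)."""
import struct

MODBUS_PORT = 502
# Modbus function codes that change process state (the "write" side).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}

# Hypothetical addressing for the three VMs (assumption, not from the report).
POLL_IP = "192.168.56.10"
SLAVE_IP = "192.168.56.20"
ATTACKER_IP = "192.168.56.30"
TRUSTED_MASTERS = {POLL_IP}

# Equivalent Snort rule: byte 7 of the TCP payload is the Modbus function code,
# so this alerts on FC 0x05 to the slave from any host other than the poll.
SNORT_RULE = (
    'alert tcp !192.168.56.10 any -> 192.168.56.20 502 '
    '(msg:"Modbus Write Single Coil from untrusted master"; '
    'content:"|05|"; offset:7; depth:1; sid:1000001; rev:1;)'
)


def build_write_coil(transaction_id, unit_id, coil_address, on):
    """Encode a Modbus/TCP Write Single Coil (FC 0x05) request.

    MBAP header: transaction id, protocol id (always 0), length of the
    remaining bytes, unit id.  PDU: function code, coil address, value
    (0xFF00 = ON, 0x0000 = OFF)."""
    pdu = struct.pack(">BHH", 0x05, coil_address, 0xFF00 if on else 0x0000)
    mbap = struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_modbus(payload):
    """Decode the MBAP header and function code.

    Returns None when the payload is not a well-formed Modbus/TCP frame
    (too short, wrong protocol id, or length field inconsistent)."""
    if len(payload) < 8:
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0 or length != len(payload) - 6:
        return None
    return {"tid": tid, "unit": unit, "function": payload[7], "data": payload[8:]}


def inspect(packets):
    """Return one alert string per write request sent to port 502 by a host
    that is not in TRUSTED_MASTERS.  Each packet is (src_ip, dst_ip, dport, payload)."""
    alerts = []
    for src, dst, dport, payload in packets:
        if dport != MODBUS_PORT:
            continue
        frame = parse_modbus(payload)
        if frame is None:
            continue
        fc = frame["function"]
        if fc in WRITE_FUNCTIONS and src not in TRUSTED_MASTERS:
            data = frame["data"]
            addr = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
            alerts.append(
                f"{src} -> {dst}: {WRITE_FUNCTIONS[fc]} (fc=0x{fc:02X}) "
                f"addr={addr} unit={frame['unit']}"
            )
    return alerts


# Constructed sample traffic: a legitimate write from the poll, the attacker
# turning coil 3 off, and the attacker reading coils (FC 0x01, not a write).
SAMPLE_PACKETS = [
    (POLL_IP, SLAVE_IP, MODBUS_PORT, build_write_coil(1, 1, 0, True)),
    (ATTACKER_IP, SLAVE_IP, MODBUS_PORT, build_write_coil(7, 1, 3, False)),
    (ATTACKER_IP, SLAVE_IP, MODBUS_PORT,
     struct.pack(">HHHBBHH", 8, 0, 6, 1, 0x01, 0, 4)),
]

if __name__ == "__main__":
    for line in inspect(SAMPLE_PACKETS):
        print(line)
```

Only the attacker's coil write produces an alert; the poll's identical write and the attacker's read request are passed. A source-allowlist rule like this is the minimum a signature IDS needs in a Modbus environment, because the protocol itself carries no authentication and a write from the attacker is byte-for-byte the same frame the poll would send.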

Final Report (11/09/2023) [Zip Archive]

Publication Form