Lacey, Conor Sean (2025) Can an AI-Based Behavioural Scanner Improve the Detection of Protocol-Level Misconfigurations and Anomalies in Industrial IoT Environments. Masters thesis, Dublin, National College of Ireland.
Preview |
PDF (Master of Science)
Download (787kB) | Preview |
Preview |
PDF (Configuration Manual)
Download (916kB) | Preview |
Abstract
Industrial Internet of Things systems are being increasingly deployed in smart manufacturing, enabling automation and efficiency under Industry 4.0. However, many protocols such as Modbus were never designed with security in mind, leaving them vulnerable to misconfigurations and misuse. Current vulnerability scanners, such as OpenVAS rely on Common Vulnerabilities and Exposures and therefore struggle to detect behavioural anomalies and protocol-level threats.
This research presents the development of a prototype AI-based behavioural scanner for Modbus traffic, designed to detect protocol misuse and anomalies that current CVE-driven scanners overlook. Using Conpot, a honeypot, to emulate a Modbus-enabled SCADA system, a custom Python logger was built to generate both benign and malicious traffic, producing a labelled dataset of 15,500 records. Two machine learning models were then evaluated, using Random Forest for supervised and Isolation Forest for unsupervised.
The results show that the Random Forest achieved a high accuracy (97% overall and a recall of 0.87 for malicious traffic) while the Isolation Forest flagged the anomalies without labels, although with a reduced recall. In contrast, OpenVAS scans detected only generic vulnerabilities while failing to detect any Modbus misuse.
The key contribution of this work is a reproducible dataset pipeline and demonstration that feature-level behavioural analysis can complement signature-based scanners. The findings highlight both the potential and limitations of AI-driven scanners in anomaly detection in IIoT and suggest a pathway for future research using real-world datasets, protocol expansion and scalable deployment.
| Item Type: | Thesis (Masters) |
|---|---|
| Supervisors: | Name Email Spelman, Ross UNSPECIFIED |
| Subjects: | Q Science > QH Natural history > QH301 Biology > Methods of research. Technique. Experimental biology > Data processing. Bioinformatics > Artificial intelligence Q Science > Q Science (General) > Self-organizing systems. Conscious automata > Artificial intelligence Q Science > QA Mathematics > Computer software > Computer Security T Technology > T Technology (General) > Information Technology > Computer software > Computer Security T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > Computer networks > Internet of things H Social Sciences > HD Industries. Land use. Labor > Specific Industries > Manufacturing Industry |
| Divisions: | School of Computing > Master of Science in Cyber Security |
| Depositing User: | Ciara O'Brien |
| Date Deposited: | 04 Jul 2026 14:20 |
| Last Modified: | 04 Jul 2026 14:20 |
| URI: | https://norma.ncirl.ie/id/eprint/9476 |
Actions (login required)
![]() |
View Item |
Tools
Tools