Process-Aware Defenses for Cyber-Physical Systems
Doctoral thesis, 2021
The increasing connectivity is exposing safety-critical systems to cyberattacks that can cause real physical damage and jeopardize human lives. With billions of IoT devices added to the Internet every year, the cybersecurity landscape is drastically shifting from IT systems and networks to systems that comprise both cyber and physical components, commonly referred to as cyber-physical systems (CPS). The difficulty of applying classical IT security solutions in CPS environments has given rise to new security techniques known as process-aware defense mechanisms, which are designed to monitor and protect industrial processes supervised and controlled by cyber elements from sabotage attempts via cyberattacks. In this thesis, we critically examine the emerging CPS-driven cybersecurity landscape and investigate how process-aware defenses can contribute to the sustainability of highly connected cyber-physical systems by making them less susceptible to crippling cyberattacks. We introduce a novel data-driven model-free methodology for real-time monitoring of physical processes to detect and report suspicious behaviour before damage occurs. We show how our model-free approach is very lightweight, does not require detailed specifications, and is applicable in various CPS environments including IoT systems and networks. We further design, implement, evaluate, and deploy process-aware techniques, study their efficacy and applicability in real-world settings, and address their deployment challenges.
Author
Wissam Aoudi
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems
Proceedings of the ACM Conference on Computer and Communications Security,;(2018)p. 817-831
Paper in proceeding
A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical Systems
Australasian Information Security Conference, AISC 2021,;(2021)
Paper in proceeding
A Scalable Specification-Agnostic Multi-Sensor Anomaly Detection System for IIoT Environments
International Journal of Critical Infrastructure Protection,;Vol. 30(2020)
Journal article
Spectra: Detecting Attacks on In-Vehicle Networks through Spectral Analysis of CAN-Message Payloads
Proceedings of the ACM Symposium on Applied Computing,;(2021)p. 1588-1597
Paper in proceeding
Model-Free Detection of Cyberattacks on Voltage Control in Distribution Grids
15th European Dependable Computing Conference,;(2019)
Paper in proceeding
The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems
Proceedings of the 4th Annual Industrial Control System Security Workshop ,;(2018)p. 17-24
Paper in proceeding
A probe into process-level attack detection in industrial environments from a side-channel perspective
ACM International Conference Proceeding Series,;(2019)p. 1-10
Paper in proceeding
Towards a Secure Connected Society
With the advancements in digitalization and communication technologies, many systems are becoming connected to the Internet for the purpose of providing better experience for customers and end-users. When systems are connected to the Internet without proper security measures, they become reachable and accessible by hackers and cyber criminals who can control them remotely. Some of these systems, such as cars and manufacturing robots, are safety critical, which makes it imperative to ensure they are well secured.
The research work in this thesis thoroughly examined the security aspects of connected systems that people interact with on a daily basis and a novel security approach to detecting potential cyber-attacks was proposed. The fact that the systems being connected to the Internet vary widely in terms of architecture, intended task, and the way they operate, makes it challenging to design and develop scalable security techniques that have a good chance of being adopted by the industry. The technique proposed in this thesis possesses key features that makes is suitable and applicable to various systems and has been validated and tested in real environments. Furthermore, the proposed technique does not demand high computational resources to run, which makes it suitable for many modern applications where hardware resources are very limited such as Internet-of-Things (IoT) systems and networks.
With the advancements in digitalization and communication technologies, many systems are becoming connected to the Internet for the purpose of providing better experience for customers and end-users. When systems are connected to the Internet without proper security measures, they become reachable and accessible by hackers and cyber criminals who can control them remotely. Some of these systems, such as cars and manufacturing robots, are safety critical, which makes it imperative to ensure they are well secured.
The research work in this thesis thoroughly examined the security aspects of connected systems that people interact with on a daily basis and a novel security approach to detecting potential cyber-attacks was proposed. The fact that the systems being connected to the Internet vary widely in terms of architecture, intended task, and the way they operate, makes it challenging to design and develop scalable security techniques that have a good chance of being adopted by the industry. The technique proposed in this thesis possesses key features that makes is suitable and applicable to various systems and has been validated and tested in real environments. Furthermore, the proposed technique does not demand high computational resources to run, which makes it suitable for many modern applications where hardware resources are very limited such as Internet-of-Things (IoT) systems and networks.
Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)
European Commission (EC) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.
KIDSAM: Knowledge and information-sharing in digital collaborative projects
VINNOVA (2018-03966), 2018-11-01 -- 2021-11-30.
RIOT: Resilient Internet of Things
Swedish Civil Contingencies Agency (MSB2018-12526), 2019-01-01 -- 2023-12-31.
Resilient Information and Control Systems (RICS)
Swedish Civil Contingencies Agency (2015-828), 2015-09-01 -- 2020-08-31.
Areas of Advance
Information and Communication Technology
Subject Categories
Computer and Information Science
ISBN
978-91-7905-503-5
Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4970
Publisher
Chalmers