Process-Aware Defenses for Cyber-Physical Systems
Doctoral thesis, 2021

Increasing connectivity is exposing safety-critical systems to cyberattacks that can cause real physical damage and jeopardize human lives. With billions of IoT devices added to the Internet every year, the cybersecurity landscape is drastically shifting from IT systems and networks to systems that comprise both cyber and physical components, commonly referred to as cyber-physical systems (CPS). The difficulty of applying classical IT security solutions in CPS environments has given rise to new security techniques known as process-aware defense mechanisms, which are designed to monitor and protect industrial processes supervised and controlled by cyber elements from sabotage attempts via cyberattacks. In this thesis, we critically examine the emerging CPS-driven cybersecurity landscape and investigate how process-aware defenses can contribute to the sustainability of highly connected cyber-physical systems by making them less susceptible to crippling cyberattacks. We introduce a novel data-driven model-free methodology for real-time monitoring of physical processes to detect and report suspicious behaviour before damage occurs. We show that our model-free approach is very lightweight, does not require detailed specifications, and is applicable in various CPS environments including IoT systems and networks. We further design, implement, evaluate, and deploy process-aware techniques, study their efficacy and applicability in real-world settings, and address their deployment challenges.

EDIT 8103, Rännvägen 6, Chalmers
Opponent: Nils Ole Tippenhauer, CISPA, Germany


Wissam Aoudi

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems

Proceedings of the ACM Conference on Computer and Communications Security (2018), p. 817-831

Paper in proceeding

A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical Systems

Australasian Information Security Conference, AISC 2021 (2021)

Paper in proceeding

A Scalable Specification-Agnostic Multi-Sensor Anomaly Detection System for IIoT Environments

International Journal of Critical Infrastructure Protection, Vol. 30 (2020)

Journal article

Spectra: Detecting Attacks on In-Vehicle Networks through Spectral Analysis of CAN-Message Payloads

Proceedings of the ACM Symposium on Applied Computing (2021), p. 1588-1597

Paper in proceeding

Model-Free Detection of Cyberattacks on Voltage Control in Distribution Grids

15th European Dependable Computing Conference (2019)

Paper in proceeding

The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems

Proceedings of the 4th Annual Industrial Control System Security Workshop (2018), p. 17-24

Paper in proceeding

A probe into process-level attack detection in industrial environments from a side-channel perspective

ACM International Conference Proceeding Series (2019), p. 1-10

Paper in proceeding

Towards a Secure Connected Society

With the advancements in digitalization and communication technologies, many systems are becoming connected to the Internet for the purpose of providing a better experience for customers and end-users. When systems are connected to the Internet without proper security measures, they become reachable and accessible by hackers and cyber criminals who can control them remotely. Some of these systems, such as cars and manufacturing robots, are safety critical, which makes it imperative to ensure they are well secured.

The research work in this thesis thoroughly examined the security aspects of connected systems that people interact with on a daily basis, and a novel security approach to detecting potential cyber-attacks was proposed. The fact that the systems being connected to the Internet vary widely in terms of architecture, intended task, and the way they operate makes it challenging to design and develop scalable security techniques that have a good chance of being adopted by the industry. The technique proposed in this thesis possesses key features that make it suitable and applicable to various systems and has been validated and tested in real environments. Furthermore, the proposed technique does not demand high computational resources to run, which makes it suitable for many modern applications where hardware resources are very limited, such as Internet-of-Things (IoT) systems and networks.

Resilient Information and Control Systems (RICS)

Swedish Civil Contingencies Agency, 2015-09-01 -- 2020-08-31.

RIOT: Resilient Internet of Things

Swedish Civil Contingencies Agency, 2019-01-01 -- 2023-12-31.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

European Commission (EC), 2017-11-01 -- 2020-04-30.

KIDSAM: Knowledge and information-sharing in digital collaborative projects

VINNOVA, 2018-11-01 -- 2021-11-30.

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science



Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4970


Chalmers University of Technology
