Process-Aware Defenses for Cyber-Physical Systems
Doktorsavhandling, 2021

The increasing connectivity is exposing safety-critical systems to cyberattacks that can cause real physical damage and jeopardize human lives. With billions of IoT devices added to the Internet every year, the cybersecurity landscape is drastically shifting from IT systems and networks to systems that comprise both cyber and physical components, commonly referred to as cyber-physical systems (CPS). The difficulty of applying classical IT security solutions in CPS environments has given rise to new security techniques known as process-aware defense mechanisms, which are designed to monitor and protect industrial processes supervised and controlled by cyber elements from sabotage attempts via cyberattacks. In this thesis, we critically examine the emerging CPS-driven cybersecurity landscape and investigate how process-aware defenses can contribute to the sustainability of highly connected cyber-physical systems by making them less susceptible to crippling cyberattacks. We introduce a novel data-driven model-free methodology for real-time monitoring of physical processes to detect and report suspicious behaviour before damage occurs. We show how our model-free approach is very lightweight, does not require detailed specifications, and is applicable in various CPS environments including IoT systems and networks. We further design, implement, evaluate, and deploy process-aware techniques, study their efficacy and applicability in real-world settings, and address their deployment challenges.

EDIT 8103, Rännvägen 6, Chalmers
Opponent: Nils Ole Tippenhauer, CISPA, Germany


Wissam Aoudi

Chalmers, Data- och informationsteknik, Nätverk och system

Truth Will Out: Departure-Based Process-Level Detection of Stealthy Attacks on Control Systems

Proceedings of the ACM Conference on Computer and Communications Security,; (2018)p. 817-831

Paper i proceeding

A Framework for Determining Robust Context-Aware Attack-Detection Thresholds for Cyber-Physical Systems

Australasian Information Security Conference, AISC 2021,; (2021)

Paper i proceeding

A Scalable Specification-Agnostic Multi-Sensor Anomaly Detection System for IIoT Environments

International Journal of Critical Infrastructure Protection,; Vol. 30(2020)

Artikel i vetenskaplig tidskrift

Spectra: Detecting Attacks on In-Vehicle Networks through Spectral Analysis of CAN-Message Payloads

Proceedings of the ACM Symposium on Applied Computing,; (2021)p. 1588-1597

Paper i proceeding

Model-Free Detection of Cyberattacks on Voltage Control in Distribution Grids

15th European Dependable Computing Conference,; (2019)

Paper i proceeding

The Nuts and Bolts of Deploying Process-Level IDS in Industrial Control Systems

Proceedings of the 4th Annual Industrial Control System Security Workshop ,; (2018)p. 17-24

Paper i proceeding

A probe into process-level attack detection in industrial environments from a side-channel perspective

ACM International Conference Proceeding Series,; (2019)p. 1-10

Paper i proceeding

Towards a Secure Connected Society

With the advancements in digitalization and communication technologies, many systems are becoming connected to the Internet for the purpose of providing better experience for customers and end-users. When systems are connected to the Internet without proper security measures, they become reachable and accessible by hackers and cyber criminals who can control them remotely. Some of these systems, such as cars and manufacturing robots, are safety critical, which makes it imperative to ensure they are well secured.

The research work in this thesis thoroughly examined the security aspects of connected systems that people interact with on a daily basis and a novel security approach to detecting potential cyber-attacks was proposed. The fact that the systems being connected to the Internet vary widely in terms of architecture, intended task, and the way they operate, makes it challenging to design and develop scalable security techniques that have a good chance of being adopted by the industry. The technique proposed in this thesis possesses key features that makes is suitable and applicable to various systems and has been validated and tested in real environments. Furthermore, the proposed technique does not demand high computational resources to run, which makes it suitable for many modern applications where hardware resources are very limited such as Internet-of-Things (IoT) systems and networks.

Integrated cyber-physical solutions for intelligent distribution grid with high penetration of renewables (UNITED-GRID)

Europeiska kommissionen (EU) (EC/H2020/773717), 2017-11-01 -- 2020-04-30.

KIDSAM: Kunskap- och informationssdelning i digitala samverkansprojekt

VINNOVA (2018-03966), 2018-11-01 -- 2021-11-30.

RIOT: Ett resilient sakernas internet

Myndigheten för samhällsskydd och beredskap (MSB2018-12526), 2019-01-01 -- 2023-12-31.

Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur

Myndigheten för samhällsskydd och beredskap (2015-828), 2015-09-01 -- 2020-08-31.


Informations- och kommunikationsteknik


Data- och informationsvetenskap



Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4970



EDIT 8103, Rännvägen 6, Chalmers


Opponent: Nils Ole Tippenhauer, CISPA, Germany

Mer information

Senast uppdaterat