UBC Theses and Dissertations

Data-driven detection and verification of replay attacks on industrial control systems

Gargoum, Sara

Abstract

With the advent of the Industrial Internet of Things and the push towards digitization, industrial control systems have undergone an increase in connectivity, which enables remote monitoring and control. This in turn has increased their vulnerability to several cyberattacks. These attacks can have severe consequences, including equipment damage, service disruption, and even compromised public safety. This thesis focuses on one type of cyberattack, the replay attack. A replay attack involves capturing legitimate communication signals between components in an industrial control system and replaying them later to disrupt system operations or perform other attacks. This thesis presents a comprehensive study on the detection of replay attacks on sensor measurements in industrial control systems. Utilising the vast amount of operational data (i.e. sensor measurements) generated by industrial control systems, a novel data-driven two-stage detection and verification framework is proposed. The proposed framework combines statistical techniques, signal processing and deep learning to detect replay attacks on industrial control systems. The first stage of the detection method consists of continuous monitoring of sensor measurements by performing change-point detection based on the corresponding matrix profile. This stage provides an early indicator of a potential replay attack. The second stage validates whether the detected change-point is due to a replay attack or not. This stage consists of performing time-frequency analysis using the short-time Fourier transform to generate a spectrogram, introducing spectral features to the time-series sensor measurements. Then, the spectrogram is split into image frames, creating spectro-temporal features. A Convolutional Long Short-Term Memory based autoencoder (ConvLSTM-AE) is designed to capture these spectro-temporal features in an unsupervised manner, where a replay attack is detected based on the reconstruction error. To evaluate the effectiveness of the proposed detection and verification framework, it is tested on different defined replay attack scenarios, using data generated with the Tennessee Eastman process benchmark simulation.
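The first stage described above can be illustrated with the following added example, which is not code from the thesis: a naive left matrix profile (each window compared only with earlier windows, as continuous monitoring would see them) over a constructed sensor trace. The window length, the threshold-and-run change-point rule and the trace itself are assumptions made for the illustration.

```python
import math
import random

def znorm(seg):
    """Z-normalise one window (a constant window maps to all zeros)."""
    mu = sum(seg) / len(seg)
    sd = math.sqrt(sum((x - mu) ** 2 for x in seg) / len(seg))
    return [(x - mu) / sd if sd > 1e-12 else 0.0 for x in seg]

def left_matrix_profile(series, m):
    """Naive left matrix profile: distance from each length-m window to its
    nearest EARLIER window, skipping trivial matches closer than m // 2."""
    subs = [znorm(series[i:i + m]) for i in range(len(series) - m + 1)]
    profile = []
    for i, cur in enumerate(subs):
        earlier = subs[:max(0, i - m // 2)]
        profile.append(min((math.dist(cur, old) for old in earlier), default=math.inf))
    return profile

def first_change_point(profile, threshold, min_run):
    """Assumed rule: start of the first run of min_run windows whose
    nearest-neighbour distance stays below threshold, else None."""
    run = 0
    for i, d in enumerate(profile):
        run = run + 1 if d < threshold else 0
        if run == min_run:
            return i - min_run + 1
    return None

def build_series(n=300, src=40, dst=200, length=60, seed=7):
    """Constructed trace: noisy sinusoid. In the attacked copy, samples
    [dst, dst + length) are overwritten with the recording from src."""
    rng = random.Random(seed)
    clean = [math.sin(2 * math.pi * t / 50) + rng.gauss(0, 0.3) for t in range(n)]
    attacked = list(clean)
    attacked[dst:dst + length] = clean[src:src + length]
    return clean, attacked

if __name__ == "__main__":
    clean, attacked = build_series()
    for name, trace in (("clean", clean), ("attacked", attacked)):
        cp = first_change_point(left_matrix_profile(trace, 20), 0.5, 10)
        print(name, "change point:", cp)
```

Measurement noise keeps the distances of genuine windows well above zero, while replayed windows are exact copies of earlier ones, so the profile collapses to zero for the duration of the replay.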

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International