Mohammed, Abubakar Sadiq, Anthi, Eirini, Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807 and Burnap, Pete ORCID: https://orcid.org/0000-0003-0396-633X 2023. Detection and mitigation of field flooding attacks on oil and gas critical infrastructure communication. Computers and Security 124 , 103007. 10.1016/j.cose.2022.103007 |
Preview |
PDF
- Published Version
Available under License Creative Commons Attribution. Download (2MB) | Preview |
Abstract
Industrial Cyber-Physical Systems (ICPS) are highly dependent on Supervisory Control and Data Acquisition (SCADA) for process monitoring and control. Such SCADA systems are known to communicate using various insecure protocols such as Modbus, DNP3, and Open Platform Communication (OPC) Data Access standards (providing access to real-time automation data), which are vulnerable to a range of attacks. This leads to increased cyber risks faced in critical infrastructures, especially in the Oil and Gas sector. One of the most popular and critical attacks deployed against such infrastructure is Denial of Service (DoS), as it can have severe consequences that range from financial loss to loss of life. Such attacks can disrupt the ability of an operator to control hazardous operations leading to potentially unsafe scenarios. A novel Field Flooding attack is described which takes advantage of the packet memory structure of the Modbus protocol to perform a DoS attack. This attack can cause overflowing of the memory bank allocated in the Programmable Logic Controller (PLC) for Modbus operations. The attack is deployed and evaluated on a real industrial testbed and its impact against the Mitre ATT&CK framework is assessed, in order to identify which tactics an adversary could use to compromise the system. A novel mechanism that utilises supervised machine learning to detect this attack in industrial control system networks is also described. Experimental results show that the proposed mechanism, using the XGBoost algorithm, can identify this attack with 99% accuracy.
Item Type: | Article |
---|---|
Date Type: | Publication |
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | Elsevier |
ISSN: | 0167-4048 |
Date of First Compliant Deposit: | 14 November 2022 |
Date of Acceptance: | 6 November 2022 |
Last Modified: | 06 May 2023 02:02 |
URI: | https://orca.cardiff.ac.uk/id/eprint/154139 |
Actions (repository staff only)
Edit Item |