Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Detection and mitigation of field flooding attacks on oil and gas critical infrastructure communication

Mohammed, Abubakar Sadiq, Anthi, Eirini, Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646, Saxena, Neetesh ORCID: https://orcid.org/0000-0002-6437-0807 and Burnap, Pete ORCID: https://orcid.org/0000-0003-0396-633X 2023. Detection and mitigation of field flooding attacks on oil and gas critical infrastructure communication. Computers and Security 124, 103007. 10.1016/j.cose.2022.103007

PDF - Published Version
Available under License Creative Commons Attribution.


Abstract

Industrial Cyber-Physical Systems (ICPS) are highly dependent on Supervisory Control and Data Acquisition (SCADA) for process monitoring and control. Such SCADA systems are known to communicate using various insecure protocols such as Modbus, DNP3, and Open Platform Communication (OPC) Data Access standards (providing access to real-time automation data), which are vulnerable to a range of attacks. This leads to increased cyber risks faced in critical infrastructures, especially in the Oil and Gas sector. One of the most popular and critical attacks deployed against such infrastructure is Denial of Service (DoS), as it can have severe consequences that range from financial loss to loss of life. Such attacks can disrupt the ability of an operator to control hazardous operations leading to potentially unsafe scenarios. A novel Field Flooding attack is described which takes advantage of the packet memory structure of the Modbus protocol to perform a DoS attack. This attack can cause overflowing of the memory bank allocated in the Programmable Logic Controller (PLC) for Modbus operations. The attack is deployed and evaluated on a real industrial testbed and its impact against the Mitre ATT&CK framework is assessed, in order to identify which tactics an adversary could use to compromise the system. A novel mechanism that utilises supervised machine learning to detect this attack in industrial control system networks is also described. Experimental results show that the proposed mechanism, using the XGBoost algorithm, can identify this attack with 99% accuracy.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: Elsevier
ISSN: 0167-4048
Date of First Compliant Deposit: 14 November 2022
Date of Acceptance: 6 November 2022
Last Modified: 06 May 2023 02:02
URI: https://orca.cardiff.ac.uk/id/eprint/154139
