Mohammed, Abubakar  ORCID: https://orcid.org/0000-0001-7505-7835
2024.
Detection and mitigation strategies for cyber-attacks in offshore oil and gas industrial networks.
PhD Thesis,
Cardiff University.
Item availability restricted. |
Preview |
PDF
- Accepted Post-Print Version
Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (10MB) | Preview |
![[thumbnail of Cardiff University Electronic Publication Form]](https://orca.cardiff.ac.uk/style/images/fileicons/application_pdf.png) |
PDF (Cardiff University Electronic Publication Form)
- Supplemental Material
Restricted to Repository staff only Download (132kB) |
Abstract
Industrial Cyber-Physical Systems (ICPS) increasingly rely on insecure protocols, raising security concerns in oil and gas (OG) operations. Replacing these protocols is often too expensive, highlighting the need for efficient cyber-attack detection. This thesis addresses this critical challenge by proposing a novel unsupervised anomaly detection model attack detection in OG environments. Existing Intrusion Detection Systems (IDS) for industrial networks, primarily Machine Learning (ML)-based, often suffer from high false positive rates and limited focus on OG environments. This potentially hinders real-world adoption. To address this gap, we introduce the Sliding Time-window Anomaly Detection (STADe) model – a novel approach that leverages the inherent periodicity of industrial network traffic for anomaly detection. The STADe model segments network packet inter-arrival times into time windows and analyzes periodicity within each window. This approach demonstrably reduces False Discovery Rates (FDR) compared to existing methods. Experiments evaluate existing ML-based IDSs and leverage the findings to develop STADe. A dedicated gas wellhead monitoring testbed was designed to emulate real-world scenarios and facilitate data collection for attack simulations and analysis. Additionally, this research identifies a novel field flooding attack capable of disrupting critical OG processes. This research emphasizes the significance of network traffic periodicity and demonstrates the effectiveness of anomaly detection models that leverage this characteristic.
| Item Type: | Thesis (PhD) |
|---|---|
| Date Type: | Completion |
| Status: | Unpublished |
| Schools: | Computer Science & Informatics |
| Subjects: | Q Science > Q Science (General) Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software |
| Date of First Compliant Deposit: | 26 June 2024 |
| Date of Acceptance: | 21 June 2024 |
| Last Modified: | 26 Jun 2024 13:58 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/170111 |
Actions (repository staff only)
 |
Edit Item |
Download Statistics
Download Statistics
Cardiff University Information Services