Elsevier
Computers & Security, Volume 124, January 2023, 103007

Detection and mitigation of field flooding attacks on oil and gas critical infrastructure communication

https://doi.org/10.1016/j.cose.2022.103007
Open access, under a Creative Commons license

Abstract

Industrial Cyber-Physical Systems (ICPS) are highly dependent on Supervisory Control and Data Acquisition (SCADA) for process monitoring and control. Such SCADA systems are known to communicate using various insecure protocols such as Modbus, DNP3, and the Open Platform Communications (OPC) Data Access standard (providing access to real-time automation data), which are vulnerable to a range of attacks. This leads to increased cyber risks faced by critical infrastructures, especially in the Oil and Gas sector. One of the most popular and critical attacks deployed against such infrastructure is Denial of Service (DoS), as it can have severe consequences that range from financial loss to loss of life. Such attacks can disrupt the ability of an operator to control hazardous operations, leading to potentially unsafe scenarios. A novel Field Flooding attack is described which takes advantage of the packet memory structure of the Modbus protocol to perform a DoS attack. This attack can overflow the memory bank allocated in the Programmable Logic Controller (PLC) for Modbus operations. The attack is deployed and evaluated on a real industrial testbed and its impact is assessed against the MITRE ATT&CK framework, in order to identify which tactics an adversary could use to compromise the system. A novel mechanism that utilises supervised machine learning to detect this attack in industrial control system networks is also described. Experimental results show that the proposed mechanism, using the XGBoost algorithm, can identify this attack with 99% accuracy.
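The abstract describes a flood of Modbus requests that exhausts the PLC's Modbus memory, and a learned detector for it. The Python below is an added example and is not the paper's attack code or its XGBoost detector: it applies the structural checks that the Modbus Application Protocol specification itself makes possible on a Modbus/TCP request (MBAP length consistency, protocol identifier, and the register-quantity limits for function codes 0x03/0x04 and 0x10), and derives a per-source peak-request-rate feature of the kind a flood detector consumes. The sample frames, source addresses, and the rate/invalid-fraction thresholds in `flag_flooders` are constructed for illustration and are not values from the paper.

```python
"""Added example: spec-level sanity checks on Modbus/TCP requests plus a
per-source burst-rate feature. Not the paper's code; thresholds and
sample traffic are constructed for illustration."""
import struct
from collections import defaultdict
from dataclasses import dataclass

# Limits from the Modbus Application Protocol specification.
MAX_READ_REGS = 125    # FC 0x03 / 0x04: quantity of registers 1..125
MAX_WRITE_REGS = 123   # FC 0x10: quantity of registers 1..123
MAX_ADU_LEN = 260      # MBAP header (7 bytes) + maximum PDU (253 bytes)


@dataclass(frozen=True)
class Verdict:
    ok: bool
    reason: str
    function_code: int = -1


def check_frame(frame: bytes) -> Verdict:
    """Validate MBAP header consistency and the quantity fields of the bulk
    register read/write function codes. Anything else passes through."""
    if len(frame) < 8:
        return Verdict(False, "frame shorter than MBAP header + function code")
    if len(frame) > MAX_ADU_LEN:
        return Verdict(False, f"ADU of {len(frame)} bytes exceeds {MAX_ADU_LEN}")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return Verdict(False, f"protocol id {proto} is not Modbus (0)")
    # The MBAP length field counts unit id + PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        return Verdict(False, f"MBAP length {length} != {len(frame) - 6} bytes present")
    pdu = frame[7:]
    fc = pdu[0]
    if fc in (0x03, 0x04):                       # Read Holding / Input Registers
        if len(pdu) != 5:
            return Verdict(False, "read request PDU must be 5 bytes", fc)
        _addr, qty = struct.unpack(">HH", pdu[1:5])
        if not 1 <= qty <= MAX_READ_REGS:
            return Verdict(False, f"read quantity {qty} outside 1..{MAX_READ_REGS}", fc)
    elif fc == 0x10:                             # Write Multiple Registers
        if len(pdu) < 6:
            return Verdict(False, "write-multiple PDU too short", fc)
        _addr, qty, byte_count = struct.unpack(">HHB", pdu[1:6])
        if not 1 <= qty <= MAX_WRITE_REGS:
            return Verdict(False, f"write quantity {qty} outside 1..{MAX_WRITE_REGS}", fc)
        if byte_count != 2 * qty or len(pdu) != 6 + byte_count:
            return Verdict(False, "byte count disagrees with quantity or payload", fc)
    return Verdict(True, "ok", fc)


def peak_rate(records, window_s=1.0):
    """records: iterable of (timestamp_s, source, frame). Returns, per source,
    the largest number of frames seen in any sliding window of window_s."""
    by_src = defaultdict(list)
    for ts, src, _frame in records:
        by_src[src].append(ts)
    peaks = {}
    for src, times in by_src.items():
        times.sort()
        best, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[src] = best
    return peaks


def flag_flooders(records, window_s=1.0, max_per_window=20, max_invalid_fraction=0.1):
    """Flag a source whose burst rate or share of spec-violating frames exceeds
    the (hypothetical) thresholds. Returns the flagged sources, sorted."""
    total, invalid = defaultdict(int), defaultdict(int)
    for _ts, src, frame in records:
        total[src] += 1
        if not check_frame(frame).ok:
            invalid[src] += 1
    peaks = peak_rate(records, window_s)
    return sorted(src for src in total
                  if peaks[src] > max_per_window
                  or invalid[src] / total[src] > max_invalid_fraction)


# Constructed sample frames (hex): MBAP header, then unit id, then PDU.
READ_OK = bytes.fromhex("000100000006" "01" "03" "0000" "000a")        # 10 registers
READ_HUGE = bytes.fromhex("000200000006" "01" "03" "0000" "07d0")      # 2000 registers
LEN_MISMATCH = bytes.fromhex("00030000ffff" "01" "03" "0000" "000a")   # bogus MBAP length
WRITE_OK = bytes.fromhex("00040000000b" "01" "10" "0000" "0002" "04" "00010002")

# Constructed traffic: an HMI polling at 10 Hz, and a second host bursting
# 200 oversized reads in under half a second.
SAMPLE_RECORDS = (
    [(0.1 * i, "10.0.0.5", READ_OK) for i in range(10)]
    + [(0.5, "10.0.0.5", WRITE_OK)]
    + [(5.0 + 0.002 * i, "10.0.0.99", READ_HUGE) for i in range(200)]
)

if __name__ == "__main__":
    for name, f in [("READ_OK", READ_OK), ("READ_HUGE", READ_HUGE),
                    ("LEN_MISMATCH", LEN_MISMATCH), ("WRITE_OK", WRITE_OK)]:
        print(name, check_frame(f))
    print("peak rates:", peak_rate(SAMPLE_RECORDS))
    print("flagged:", flag_flooders(SAMPLE_RECORDS))
```

The structural checks alone do not catch a flood of individually well-formed requests, which is why the rate feature is computed separately; a learned detector such as the paper's would take features of both kinds, and the thresholds used here are placeholders rather than tuned values.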

Keywords

ModbusTCP
Cybersecurity
Operational technology
Cyber-physical systems
Machine learning

Data Availability

  • Data will be made available on request.


Abubakar Sadiq Mohammed is currently carrying out Ph.D. research in cybersecurity at Cardiff University. He received a B.Eng. Degree in Mechanical Engineering from the Federal University of Technology, Minna, Nigeria, and an M.Sc. in Petroleum and Gas Engineering from the University of Salford, U.K. In addition to his qualifications, he has gained over 14 years of engineering experience working in the oil and gas industry. He brings his engineering background to industrial cybersecurity to help gain valuable insights on how to secure industrial control systems. His research interests include cybersecurity for SCADA systems and Industrial Control Systems and using machine learning for anomaly detection.

Dr Eirini Anthi is a lecturer in cybersecurity at the School of Computer Science & Informatics, Cardiff University. She teaches Operating Systems Security and Cybersecurity Operations. In addition, her research interests revolve around the security of the Internet of Things (IoT), SCADA, and Industrial Control Systems. More particularly, her research examines the security issues that come along with these devices/systems and focuses on developing intelligent and more robust cyber-attack detection mechanisms for such networks using machine learning and adversarial machine learning techniques. As part of her doctorate, she developed state-of-the-art tools to detect and defend against network-based cyber attacks in such infrastructures.

Omer F. Rana received the B.Eng. degree in information systems engineering from Imperial College of Science, Technology and Medicine, London, U.K., an M.Sc. in microelectronics systems design from the University of Southampton, U.K., and a Ph.D. in neural computing and parallel architectures from the Imperial College of Science, Technology and Medicine. He is a Professor of performance engineering with Cardiff University, Cardiff, U.K. His research interests include high performance distributed computing, data analytics/mining and scalable systems.

Neetesh Saxena is currently an Associate Professor (Senior Lecturer) with the School of Computer Science and Informatics at Cardiff University, UK, with more than 16 years of teaching/research experience in academia. Before joining CU, he was an Assistant Professor with Bournemouth University, UK. Prior to this, he was a Post-Doctoral Researcher in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, USA, and with the Department of Computer Science, Stony Brook University, USA and SUNY Korea. He was a DAAD Scholar at the Bonn-Aachen International Center for Information Technology (B-IT), Rheinische Friedrich-Wilhelms-Universität Bonn, Germany, and was also a TCS Research Scholar. His current research interests include cyber security and critical infrastructure security, including cyber-physical system security: smart grid, V2G and communication networks.

Pete Burnap is a Professor at Cardiff University and is seconded to Airbus Group to lead Cyber Security Analytics Research, heading projects involving the application of Artificial Intelligence, Machine Learning and Statistical Modeling to Cyber Security problems (most recently malware analysis). Pete obtained his B.Sc. in Computer Science in 2002 and his Ph.D. (Advanced Access Control in support of Distributed Collaborative Working and Deperimeterization) in 2010, both from Cardiff University. He has published more than 60 academic articles stemming from funded research projects worth over 8m and has advised the Home Affairs Select Committee, Home Office and Metropolitan Police on sociotechnical research outcomes associated with cyber risk and evolving cyber threats.