Show simple item record

dc.contributor.advisor: Nunavath, Vimala
dc.contributor.advisor: Solberg, Kenneth
dc.contributor.advisor: Graven, Olaf Hallan
dc.contributor.author: Asjad, Sirajuddin
dc.date.accessioned: 2024-05-26T16:41:32Z
dc.date.available: 2024-05-26T16:41:32Z
dc.date.issued: 2023
dc.identifier: no.usn:wiseflow:6861899:54976491
dc.identifier.uri: https://hdl.handle.net/11250/3131438
dc.description.abstract: The use of encryption in network communications in industrial control systems (ICS) has become increasingly prominent in the last decade due to the evolving cyber threat landscape in operational technology (OT) environments and cyber-physical systems. ICS utilize standard communication protocols such as Data Distribution Service (DDS) to facilitate connectivity, secure and resilient data exchange between distributed systems and devices. With the increased cyber threat landscape in OT, a set of industrial standards and regulatory requirements have been established to enforce security controls in ICS, such as modern encryption standards in network communication systems to protect the confidentiality and data integrity. This introduces a substantial problem for cyber defence and security monitoring systems, especially intrusion detection systems (IDS), that no longer possess the capability of effectively monitoring the network traffic for malicious activity due to the loss of insight into the encrypted network packets. Traditional IDS that utilize deep-packet inspection techniques cannot interpret the encrypted network packets, resulting in a limitation that allows hackers and malicious actors to carry out cyber attacks without being detected by the cyber defence systems. To address this limitation, new and modern approaches are being investigated, including the use of Artificial Intelligence (AI) to enhance the cyber threat intelligence and decision-making capabilities with advanced learning mechanisms to detect and identify malicious patterns in the network traffic. Therefore, in this thesis, we apply different machine learning models such as Autoencoder, LSTM Autoencoder, OC-SVM and K-Means clustering for the detection and classification of cyber attacks in encrypted DDS traffic within OT environments.
dc.language: eng
dc.publisher: University of South-Eastern Norway
dc.title: Intrusion Detection and Cyber Attack Classification for Encrypted DDS Communication Middleware in OT Networks using Machine Learning
dc.type: Master thesis

