Publication:
Developing an Effective Detection Framework for Targeted Ransomware Attacks in Brownfield Industrial Internet of Things

dc.contributor.advisor Sitnikova, Elena
dc.contributor.advisor Aboutorab, Neda
dc.contributor.advisor Moustafa, Nour
dc.contributor.author Al-Hawawreh, Muna
dc.date.accessioned 2022-03-15T01:04:52Z
dc.date.available 2022-03-15T01:04:52Z
dc.date.issued 2022
dc.description.abstract The Industrial Internet of Things (IIoT) is being interconnected with many critical industrial activities, creating major cyber security concerns. The key concern is with edge systems of Brownfield IIoT, where new devices and technologies are deployed to interoperate with legacy industrial control systems and leverage the benefits of IoT. These edge devices, such as edge gateways, have opened the way to advanced attacks such as targeted ransomware. Various pre-existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous nature of the IIoT devices and protocols and their interoperability demands. Consequently, developing new detection solutions is essential. The key challenges in developing detection solutions for targeted ransomware attacks in IIoT systems include 1) understanding attacks and their behaviour, 2) designing accurate IIoT system models to test attacks, 3) obtaining realistic data representing IIoT systems' activities and connectivities, and 4) identifying attacks. This thesis provides important contributions to the research focusing on investigating targeted ransomware attacks against IIoT edge systems and developing a new detection framework. The first contribution is developing the world's first example of ransomware, specifically targeting IIoT edge gateways. The experiments' results demonstrate that such an attack is now possible on edge gateways. Also, the kernel-related activity parameters appear to be significant indicators of the crypto-ransomware attacks' behaviour, much more so than for similar attacks in workstations. The second contribution is developing a new holistic end-to-end IIoT security testbed (i.e., Brown-IIoTbed) that can be easily reproduced and reconfigured to support new processes and security scenarios. The results prove that Brown-IIoTbed operates efficiently in terms of its functions and security testing. 
The third contribution is generating a first-of-its-kind dataset tailored for IIoT systems covering targeted ransomware attacks and their activities, called X-IIoTID. The dataset includes connectivity- and device-agnostic features collected from various data sources. The final contribution is developing a new asynchronous peer-to-peer federated deep learning framework tailored for IIoT edge gateways for detecting targeted ransomware attacks. The framework's effectiveness has been evaluated against pre-existing datasets and the newly developed X-IIoTID dataset.
dc.identifier.uri http://hdl.handle.net/1959.4/100161
dc.language English
dc.language.iso en
dc.publisher UNSW, Sydney
dc.rights CC BY 4.0
dc.rights.uri https://creativecommons.org/licenses/by/4.0/
dc.subject.other Industrial Internet of Things
dc.subject.other Targeted ransomware
dc.subject.other Edge systems
dc.subject.other Detection
dc.subject.other Federated learning
dc.title Developing an Effective Detection Framework for Targeted Ransomware Attacks in Brownfield Industrial Internet of Things
dc.type Thesis
dcterms.accessRights open access
dcterms.rightsHolder Al-Hawawreh, Muna
dspace.entity.type Publication
unsw.accessRights.uri https://purl.org/coar/access_right/c_abf2
unsw.identifier.doi https://doi.org/10.26190/unsworks/2071
unsw.relation.faculty UNSW Canberra
unsw.relation.school School of Engineering and Information Technology
unsw.subject.fieldofresearchcode 4604 Cybersecurity and privacy
unsw.thesis.degreetype PhD Doctorate
Files
Original bundle
Name: public version.pdf
Size: 21.52 MB
Format: application/pdf