Cabana, Olivier
ORCID: https://orcid.org/0000-0002-9151-0975
(2026)
Securing Industrial Control Systems: Passive Monitoring, Threat Intelligence, and Time Synchronization Protection.
PhD thesis, Concordia University.
Text (application/pdf), 8MB
Cabana_PhD_S2026.pdf - Accepted Version. Restricted to Repository staff only until 1 May 2028. Available under License Spectrum Terms of Access.
Abstract
The threat to the Internet of Things (IoT) and Industrial Control Systems (ICS) is constantly increasing. With the proliferation of IoT solutions deployed in homes, businesses and infrastructure, there is an urgent need for security solutions. Additionally, in the context of ICS, these security tools face another challenge, as they must prioritize the availability of the services. This dissertation advances the state of the art for ICS security by proposing a set of tools and algorithms for the prevention, detection, and mitigation of cyber-attacks targeting ICS devices. First, we design and implement a solution that analyzes darknet network traffic. This solution identifies and correlates, in near real time, attacks targeting ICS protocols and devices, and can track reconnaissance campaigns over time. Using this practical solution, we investigate the threat landscape of ICS attacks over the course of several months and analyze the top campaigns over the observation window. Second, we develop an application that leverages polynomial curve fitting and a Siamese Neural Network (SNN) to passively analyze the traffic in IoT networks to fingerprint devices. Our application can identify new devices, maintains its performance over time, and can easily be redeployed on a new network. Third, we investigate the cybersecurity aspect of IEC Precision Time Protocol (PTP), a well-known protocol for time synchronization, which is critical in ICS networks. We demonstrate that PTP can be abused to facilitate the exchange of covert messages and propose several solutions to mitigate the issue. Finally, we build a PTP simulation testbed to investigate PTP delay attacks, which can have consequences on smart grid operations. We present new PTP attack scenarios and offer a detection strategy that uses machine learning models in conjunction with passive monitoring to detect delay attacks.
| Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
|---|---|
| Item Type: | Thesis (PhD) |
| Authors: | Cabana, Olivier |
| Institution: | Concordia University |
| Degree Name: | Ph. D. |
| Program: | Information and Systems Engineering |
| Date: | 23 April 2026 |
| Thesis Supervisor(s): | Debbabi, Mourad and Youssef, Amr M. and Youssef, El-Nasser S. and Kassouf, Marthe |
| ID Code: | 997163 |
| Deposited By: | OLIVIER CABANA |
| Deposited On: | 29 Jun 2026 17:53 |
| Last Modified: | 29 Jun 2026 17:53 |