
Securing Industrial Control Systems: Passive Monitoring, Threat Intelligence, and Time Synchronization Protection


Cabana, Olivier ORCID: https://orcid.org/0000-0002-9151-0975 (2026) Securing Industrial Control Systems: Passive Monitoring, Threat Intelligence, and Time Synchronization Protection. PhD thesis, Concordia University.

Text (application/pdf)
Cabana_PhD_S2026.pdf - Accepted Version
Restricted to Repository staff only until 1 May 2028.
Available under License Spectrum Terms of Access.
8MB

Abstract

The threat to the Internet of Things (IoT) and Industrial Control Systems (ICS) is constantly increasing. With the proliferation of IoT solutions deployed in homes, businesses and infrastructure, there is an urgent need for security solutions. Additionally, in the context of ICS, these security tools face another challenge as they must prioritize the availability of the services. This dissertation advances the state of the art for ICS security by proposing a set of tools and algorithms for the prevention, detection, and mitigation of cyber-attacks targeting ICS devices. First, we design and implement a solution that analyzes darknet network traffic. This solution identifies and correlates, in near real time, attacks targeting ICS protocols and devices and can track reconnaissance campaigns over time. Using this practical solution, we investigate the threat landscape of ICS attacks over the course of several months and analyze the top campaigns over the observation window. Second, we develop an application that leverages polynomial curve fitting and a Siamese Neural Network (SNN) to passively analyze the traffic in IoT networks to fingerprint devices. Our application can identify new devices, maintains its performance over time, and can easily be redeployed on a new network. Third, we investigate the cybersecurity aspect of IEC Precision Time Protocol (PTP), a well-known protocol for time synchronization, which is critical in ICS networks. We demonstrate that PTP can be abused to facilitate the exchange of covert messages and propose several solutions to mitigate the issue. Finally, we build a PTP simulation testbed to investigate PTP delay attacks, which can have consequences on smart grid operations. We present new PTP attack scenarios and offer a detection strategy that uses machine learning models in conjunction with passive monitoring to detect delay attacks.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (PhD)
Authors: Cabana, Olivier
Institution: Concordia University
Degree Name: Ph. D.
Program: Information and Systems Engineering
Date: 23 April 2026
Thesis Supervisor(s): Debbabi, Mourad and Youssef, Amr M. and Youssef, El-Nasser S. and Kassouf, Marthe
ID Code: 997163
Deposited By: OLIVIER CABANA
Deposited On: 29 Jun 2026 17:53
Last Modified: 29 Jun 2026 17:53
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
