Human Detection of Attacks Against Cyber-Physical Systems

Student thesis: Doctoral ThesisDoctor of Philosophy (PhD)

Abstract

Cyber attacks are a persistent threat that is continually evolving to match the technology landscape. This increasingly includes systems that incorporate physical components, including personal electronic devices, Internet of Things devices and large-scale industrial systems that are increasingly being connected to the internet. Despite evidence that attacks are both directly targeting and inadvertently impacting such cyber-physical systems, to date very little research has sought to explore how good the human users of these systems are at observing and correctly identifying these attacks. This thesis seeks to address this knowledge gap, exploring people’s awareness of threats and whether the nature of cyber-physical systems means that attacks against them are detectable by human users. The main contributions from this work include: (1) A systematic study of how humans protect against, detect and respond to cyber attacks; (2) A detailed explanation of the devices that people use and their level of awareness of the sensors and components that these devices incorporate and how these could be targeted; (3) Information on how people detect attacks against physical devices versus more traditional attacks; (4) Information on the types of attacks that can be observed both directly from the behaviour of the physical components of an industrial control system and from the data outputs of the system; (5) Findings that show that, whilst attacks are often observed as anomalies, these errors are frequently attributed to technical error or failure; (6) Finally, this thesis explores whether findings relating to susceptibility and the ability to detect different attacks against physical systems can be generalised across different forms of attacks and systems.
Date of Award29 Sep 2020
Original languageEnglish
Awarding Institution
  • The University of Bristol
SupervisorAwais Rashid (Supervisor), Utz Roedig (Supervisor), Paul Taylor (Supervisor) & Francois Dupressoir (Supervisor)

Keywords

  • Cyber security
  • Industrial Control Systems
  • Cyber Physical Systems
  • Cyber attacks
  • Human factors

Cite this

'