Industrial Control Systems (ICS) are fundamental for managing critical infrastructure in sectors such as energy generation and distribution, water treatment, and transportation. With the increasing convergence of Information Technology (IT) and Operational Technology (OT), ICS, which were once isolated, are now interconnected, making them more vulnerable to cyber threats. Asset management and vulnerability identification are essential components of cybersecurity, helping organizations secure evolving ICS environments. However, these processes can also be exploited by attackers to perform reconnaissance, map network topologies, identify and target critical assets, and exploit vulnerabilities. At the same time, legitimate reconnaissance, known as asset discovery, remains essential for maintaining asset visibility, but poses a significant challenge in ICS. A key research challenge is balancing the need for legitimate asset scanning with the need to defend against malicious reconnaissance. Traditional defensive mechanisms are often insufficient, as they fail to secure modern ICS networks and to counter the stealthy tactics employed by attackers. Moving Target Defense (MTD) introduces unpredictability into the system, which complicates attackers’ reconnaissance efforts. However, deploying MTD in ICS environments presents significant challenges, including integration with legacy systems, maintaining operational continuity, and managing potential performance overhead. This thesis addresses these challenges by developing an innovative MTD mechanism called Moving Target Against Reconnaissance (MoTaR), specifically designed for ICS networks. MoTaR monitors live industrial network traffic, obfuscating the properties of critical ICS devices to disrupt reconnaissance attempts while allowing normal operations to continue unaffected. The research evaluates existing asset scanning tools and techniques to identify their limitations and improve MoTaR’s effectiveness.
Furthermore, the thesis explores the limitations of current network traffic anomaly detection tools in identifying stealthy reconnaissance and enhances MoTaR with advanced detection capabilities. The findings showcased in this thesis illustrate how MoTaR provides a dynamic and proactive defense strategy tailored for ICS, bolstering resilience against cyber threats. Through the design, implementation, and evaluation of MoTaR, this research contributes a practical solution to securing ICS, without compromising operational integrity and continuity.
| Date of Award | 17 Jun 2025 |
|---|---|
| Original language | English |
| Awarding Institution | |
| Supervisor | Awais Rashid (Supervisor) & Joe Gardiner (Supervisor) |
Protecting Against Reconnaissance Attacks on Industrial Control Systems: A Moving Target Defense Approach
Samanis, M. (Author). 17 Jun 2025
Student thesis: Doctoral Thesis › Doctor of Philosophy (PhD)