Securing Ship Routes: A Cross-System Approach to Anomaly Detection in Ships
VALENTE, ANDREA
2024/2025
Abstract
Cybersecurity in the maritime sector has become an increasingly pressing concern. While ports and companies in the field have made some progress over the years, the cybersecurity posture of ships needs to be strengthened. Vessels are inherently vulnerable to cyber attacks due to their reliance on outdated systems, and the consequences of a successful attack range from high financial losses and environmental damage to threats to the safety of personnel. In this context, security measures to rapidly detect attacks could play a crucial role in ensuring operational resilience and minimizing losses. Despite the growing need for cybersecurity solutions, the maritime sector faces significant challenges, including the lack of publicly available maritime datasets for training models capable of detecting attacks, especially those involving correlated navigation and automation traffic. In this thesis, a proof of concept for detecting attacks as anomalies is presented. The dataset used is made from synthetic navigation and automation packets from the MaCySTe testbed, under normal and attack scenarios. The proof of concept takes inspiration from works on anomaly detection on route trajectories and route prediction for ships from navigation data using neural networks. The proposed approach learns the behavior of the ship in a holistic manner, analyzing both navigation and automation systems, to detect possible anomalies caused by cyber attacks aimed at making the ship change course or directly controlling it. Three learning tasks are explored in this thesis: direct correlated sequence classification of labeled anomalies, correlated sequence prediction, and cross-system prediction of automation packets from navigation traffic. Systems developed for prediction do not require labeled data. Further, cross-system predictors trained on clean navigation feeds could generate realistic automation traffic in the future.
Looking forward, real-ship deployment of cross-system predictors could augment the availability of richer correlated data, with anomaly detection tailored to vessel class and attack vector. Further, federated learning across fleets could create an even more realistic model for the behavior of a class of ships. There is also a need for implementing new testbeds and improving existing ones. Strengthening cybersecurity for ships and defending trading routes is essential in an increasingly polarized world, and this thesis aims to present an approach for an easily implementable solution for existing vessels.

| File | Size | Format |
|---|---|---|
| Securing Ship Routes A Cross-System Approach to Anomaly Detection in Ships.pdf (restricted access) | 3.05 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 license.
https://hdl.handle.net/20.500.12608/89891