Modbus Frame Structure

Source publication
Conference Paper
The Industrial Control Systems (ICS) are the underlying monitoring and control components of critical infrastructures, which consist of a number of distributed field devices, such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) and Human Machine Interfaces (HMIs). As modern ICS are connected to the Internet, in the context o...

Context in source publication

Context 1
... structure of a Modbus frame is illustrated in Fig. 2. The Application Data Unit (ADU) includes a Protocol Data Unit (PDU) along with fields reserved for device addressing and error checking. The PDU consists of the function code field, which is used to select the operation, and the data field, whose size depends on the selected function. In the Modbus serial variant, the addressing field ...
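As an added example (not code from the paper or from this page), the ADU/PDU layout described above parsed and validated in Python: the serial (RTU) ADU with its address byte and CRC-16 error-check field, and, going beyond the serial variant the context mentions, the TCP ADU where a 7-byte MBAP header takes the place of the address and CRC fields. Both sample frames are constructed here for illustration.

```python
import struct


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS used by the serial (RTU) error-check field:
    reflected polynomial 0xA001, initial value 0xFFFF, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_pdu(pdu: bytes) -> dict:
    """Split a PDU into its function code and function-specific data field."""
    if not 1 <= len(pdu) <= 253:  # a Modbus PDU is limited to 253 bytes
        raise ValueError("PDU length out of range")
    fc = pdu[0]
    return {
        "function_code": fc & 0x7F,
        "is_exception": bool(fc & 0x80),  # 0x80 bit flags an exception response
        "data": pdu[1:],
    }


def parse_rtu_adu(frame: bytes) -> dict:
    """Serial ADU: [address][PDU][CRC low][CRC high].
    Reject the frame on CRC mismatch before trusting any other field."""
    if len(frame) < 4:
        raise ValueError("RTU frame too short")
    body, received = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    computed = crc16_modbus(body)
    if received != computed:
        raise ValueError(f"CRC mismatch: got {received:#06x}, expected {computed:#06x}")
    return {"transport": "rtu", "address": body[0], **parse_pdu(body[1:])}


def parse_tcp_adu(frame: bytes) -> dict:
    """TCP ADU: MBAP header (transaction id, protocol id, length, unit id) + PDU.
    There is no CRC field; TCP carries the error check, so only the header is validated."""
    if len(frame) < 8:
        raise ValueError("TCP frame too short")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:  # length counts the unit id plus the PDU
        raise ValueError("MBAP length does not match frame size")
    return {"transport": "tcp", "transaction_id": tid, "address": unit,
            **parse_pdu(frame[7:])}


# Constructed sample frames (not taken from the paper): Read Holding Registers
# (function 0x03), start address 0, 10 registers, addressed to unit 1.
RTU_SAMPLE = bytes.fromhex("01 03 00 00 00 0A C5 CD")
TCP_SAMPLE = bytes.fromhex("00 01 00 00 00 06 01 03 00 00 00 0A")

if __name__ == "__main__":
    print(parse_rtu_adu(RTU_SAMPLE))
    print(parse_tcp_adu(TCP_SAMPLE))
```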

Similar publications

Article
This paper presents the use of the results of the shifting method of relay feedback identification for tuning the Proportional-Integral-Derivative controllers. Parameters of the second order plus time delay models estimated by the shifting method of relay feedback identification were used to compute controller parameters. Behaviour of closed loop s...

Citations

... 5) Transportation and Infrastructure: Industrial Control Systems (ICS) play a vital role in various sectors, including transportation and infrastructure, where their implementation ensures efficient and reliable operations. The paper [21] "A Novel and Interactive Industrial Control System" introduces a novel ICS honeypot based on the Conpot framework, which is designed to emulate physical ICS devices and attract potential attackers for security analysis. While the paper focuses on the power generation department of a hydropower plant, its findings can be extended to explore the advantages of ICS in transportation and infrastructure. ...
Preprint
Artificial intelligence (AI) is not a fancy term anymore, nor is it limited to researchers and academia. AI is currently becoming part and parcel of our daily life; we are using AI/intelligent systems knowingly or unknowingly. Even product manufacturers are trying to incorporate AI into their products to make them more appealing to consumers, and to get the full benefit of AI in their production and control units and even in business decisions. Therefore, in our paper we give a comprehensive survey of recent advances in Computational Intelligence in Industrial Control Systems and cover many ways in which Industrial Control Systems benefit from Computational Intelligence. We cover multiple domains, namely Manufacturing, Energy Management, Transportation, the Food and Beverage Industry, and the Pharmaceutical Industry, and how these industries utilize CI-based control systems such as Programmable Logic Controllers, Distributed Control Systems, Supervisory Control and Data Acquisition, Industrial Automation and Control Systems, and Intelligent Electronic Devices, finding benefits in their operations and manufacturing that help them focus more on innovation and improvement of their products. We believe that this survey will be valuable to researchers across academia and industry.
... In the context of smart grid networks, a honeypot simulates the normal operation of a device, such as a smart meter, to attract, deceive and analyze an attacker's behavior [135]. Several proofs-of-concept have been shown for the use of honeypots in smart grids [135,148,184]. The use of honeypots for privacy-preserving federated learning environments is discussed in [7]. ...
Article
The power grid is a constant target for attacks, as they have the potential to affect a large geographical area and thus hundreds of thousands of customers. With the advent of wireless sensor networks in the smart grid, the distributed network has more vulnerabilities than before, giving numerous entry points to an attacker. The power grid operation is usually not hindered by small-scale attacks; it is popularly known to be self-healing and recovers from an attack as the neighboring areas can mitigate the loss and prevent cascading failures. However, attackers could target users, admins and other control personnel, disabling access to their systems and delaying the required action. Termed the biggest machine in the world, the US power grid has faced an ever-increasing risk of outages due to cyber attacks. This work focuses on structuring the attack detection literature in power grids and provides a systematic review and insights into the work done in the past decade in the area of anomaly or attack detection in the domain.
... According to GreyNoise, benign IPs are associated with legitimate entities and have opt-out functionality; malicious IPs are IPs that exhibited harmful behaviors; unknown IPs do not meet the criteria for benign or malicious IPs and include Internet scanning services. [13,20,26,41]. ...
... Only [16,18,20,22,26,29,49] explicitly support some form of register manipulation, and only [18-21, 29, 41, 49] explicitly support some form of HMI manipulation. As regards physics-awareness, only the works in [13,18,19,26,29,41,49] provide some form of simulation of the underlying physical industrial processes. ...
... Honeypot Entry Point. The reviewed honeypots have been either exposed on the Internet [16,21,22,32,38,55,56] or protected via a VPN [13,19,20,26]. Only [41] has been designed to support both kinds of entry points. ...
Conference Paper
Industrial control systems (ICSs) are vulnerable to cyber-physical attacks, i.e., security breaches in cyberspace that adversely affect the underlying physical processes. In this context, honeypots are effective countermeasures both to defend against such attacks and to discover new attack strategies. In recent years, honeypots for ICSs have made significant progress in faithfully emulating OT networks, including physical process interactions. We propose HoneyICS, a high-interaction, physics-aware, scalable, and extensible honeynet for ICSs, equipped with an advanced monitoring system. We deployed our honeynet on the Internet and conducted experiments to evaluate the effectiveness of HoneyICS.
... [16] Algorithm Run Time and allocation of the attacker Graph are the things that could be noted from this paper. [17] A novel and interactive industry control system with a graph. Industrial Control Systems (ICS) provide a variety of tools and services and several distributed field devices that serve as monitoring and control components of critical infrastructures. ...
Conference Paper
With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are currently one of the most discussed topics in the field of cyber security. HoneyTrack is a honeypot that uses technologies such as Docker, shell scripts, Python, Elasticsearch, Kibana and Filebeat; it protects an organization's database and also traces an attacker back when they intrude into the target network. Information about the attacker is gathered by the bot in the honeypot, which helps us reach the attacker's origin. The target networks can vary, and a lot of damage is caused when sensitive data is lost or stolen. This honeypot resembles a traditional honeypot but is updated with new-generation technology and its cyber-security needs.
... A system consisting of two or more honeypots is called honeynet. [29]

Honeypot                 Protocols                             Entry point
(name cut off) [29]      Modbus                                Internet
Conpot [17]              Modbus, S7comm, BACnet, EtherNet/IP   Internet
Dipot [13]               Modbus, S7comm, BACnet                Internet
HosTaGe [9]              Modbus, S7comm                        Internet
Pliatsios et al. [6]     Modbus                                VPN
Honeyd+ [20]             EtherNet/IP                           Internet
THS [24]                 Modbus, S7comm, BACnet                Internet
CryPLH [7]               S7comm                                Internet
HoneyPhy [27]            DNP3                                  Internet + VPN
GasPot [16]              -                                     Internet
Antonioli et al. [5]     EtherNet/IP                           VPN
Murillo et al. [3]       EtherNet/IP                           VPN
MimePot [10]             Modbus                                VPN
HoneyPLC [8]             S7comm                                Internet
...
... In this respect, Antonioli et al. [5] provide the possibility to build up a communication network between PLCs and/or HMIs, while HoneyPhy [27] only propose an ideal architecture where such communication is possible. As a consequence, only Antonioli et al. [5] support non-trivial MITM attacks between PLCs and/or HMIs; more limited forms of MITM attacks, between PLCs and their plant, can be simulated in [3,6,10,27]. ...
... Among the reviewed honeypots, only [6,9,10,24] explicitly support some form of register manipulation, and only [5,6,7,27] explicitly support some form of HMI manipulation. As regards physics-awareness, only the works in [3,5,10,27] provide some form of simulation of the underlying physical industrial processes. ...
Poster
Industrial control systems (ICSs) play a crucial role in modern society, controlling and automating processes in industries ranging from manufacturing to energy production. The increasing connectivity of ICSs with corporate networks has made them vulnerable to cyber attacks that can compromise the controlled physical processes. We present the architecture of HoneyICS, a high-interaction, physics-aware, scalable, reconfigurable, and extensible honeynet for ICSs, addressing most of the limitations of current honeypots for ICSs.
... D. Pliatsios et al. [23] develop an interactive honeypot able to emulate real Remote Terminal Unit (RTU) devices that operate using the Modbus protocol. The proposed honeypot receives as input a Modbus-only traffic capture file in pcap format, extracts RTU device measurements and stores them internally. ...
Conference Paper
The digitisation of the typical electrical grid introduces valuable services, such as pervasive control, remote monitoring and self-healing. However, despite the benefits, cybersecurity and privacy issues can result in devastating effects or even fatal accidents, given the interdependence between the energy sector and other critical infrastructures. Large-scale cyber attacks, such as Industroyer and DragonFly, have already demonstrated the weaknesses of the current electrical grid with disastrous consequences. Based on the aforementioned remarks, both academia and industry have already designed various cybersecurity standards, such as IEC 62351. However, dynamic risk assessment and certification remain crucial aspects, given the sensitive nature of the electrical grid. On the one hand, dynamic risk assessment intends to re-compute the risk value of the affected assets and their relationships in a dynamic manner based on the relevant security events and alarms. On the other hand, based on the certification process, a new approach for the dynamic management of security needs to be defined in order to provide an adaptive reaction to new threats. This paper presents a combined approach, showing how both aspects can be applied in a collaborative manner in the smart electrical grid.
... This is due to the high cost of real ICS devices and the inability to create virtual nodes running their firmware. Ref. [26] proposes a honeypot system architecture which, in addition to the virtual machine with Conpot [27] simulating the RTU devices, includes virtual and real HMI panels that interact with the RTU over the network, thus adding to the realism of the network infrastructure. ...
Article
Rapid progress of computing and info-communication technologies (ICT) has changed the ecosystem of power production and delivery. Today, an energy network is a complex set of interrelated devices and information systems covering all areas of electric power operations and applying ICT based on open standards, such as IEC 60870, IEC 61850, and IEC 61970. According to IEC 62351, the energy networks are faced with high cybersecurity risks caused by open communications, security requirements rarely considered in the energy facilities, partial and difficult upgrades, and incompatibility of secure tools with industrial solutions. This situation results in new security challenges, e.g. denial of service attacks on the connected controllers, dispatching centers, process control systems, and terminals. IEC 62351 describes possible ways to comprehensive security in the energy networks. Most of them used in traditional networks (e.g., firewalls, intrusion detection systems) can be adapted to the energy networks. Honeypot systems as a protection measure help us to mitigate the attacks and maintain necessary security in the networks. Due to the large scale of an energy network and heterogeneity of its components, a new design, deployment, and management strategy for the honeypot systems are required. The paper suggests a new method for organizing a virtual network infrastructure of a hybrid honeypot system and a dynamic management method that adapts the network topology to the attacker’s actions according to the development graph of potential attacks. This technique allows us to dynamically build virtual networks of arbitrary scale. Because of the similarity of the virtual network to the virtualized origin and providing the level of interactivity of its nodes corresponding to real devices, this technique deploys an energy network indistinguishable from the real one for the attackers. 
A prototype of our honeypot system has been implemented, and experiments on it have demonstrated the more efficient use of the computing resources, the faster reaction to the attacker’s actions, and the deployment of different sizes of virtual networks for the given limits of the computing resources.
... The SCADA framework improves the control and administration of mechanical systems by synchronizing a machine's distinct parts using the quantities gathered by sensors [25]. Protection against cyberattacks for SCADA may be a strict requirement, but it is also an essential tool for preserving network security. ...
... The accuracy of EIDS has increased compared to the three mentioned datasets. The accuracy of EIDS on the main database has increased by 31% in test data DT, 29.59% in test data KNN,25 According to the obtained results, the program developed for this research significantly improved the analysis of the EIDS database for early intrusion detection compared to other datasets. The performed design can detect abnormal traffic in industrial facilities with high accuracy through its expanded sensors in the network of industrial facilities. ...
Preprint
The emergence of industrial cyberinfrastructures, the development of information and communication technology in industrial fields, and the remote accessibility of automated Industrial Control Systems (ICS) lead to various cyberattacks on industrial networks and Supervisory Control and Data Acquisition (SCADA) networks. The development of ICS industry-specific cybersecurity mechanisms can reduce the vulnerability of systems to fire, explosion, human accidents, environmental damage, and financial loss. Vulnerabilities are the points of penetration into industrial systems: threats are organized around these weaknesses, and through them intrusion into industrial systems occurs. Thus, it is essential to continuously improve the security of the networks of industrial control facilities. Traditional intrusion detection systems have been shown to be sluggish and prone to false positives. As a result, these algorithms' performance and speed must be improved. This paper proposes a novel Honeypot-enhanced industrial Early Intrusion Detection System (EIDS) incorporating Machine Learning (ML) algorithms. The proposed scheme collects data from all sensors of the Honeypot and industrial devices in the industrial control network, stores it in the EIDS database, and analyses it using expert ML algorithms. The designed system for early intrusion detection can protect industrial systems against vulnerabilities by alerting in the shortest possible time using online data mining in the EIDS database. The results show that the proposed EIDS detects anomalous behavior of the data with a high detection rate, low false positives, and better classification accuracy.
... Pliatsios et al. [144] proposed a honeypot system for Smart-Grid which is based on the Conpot honeypot framework. The proposed honeypot consists of real Human-Machine Interface HMI and real Remote Terminal Unit RTU devices, and two virtual machines, one for virtual HMI and the other for a Conpot-based honeypot emulating an RTU device. ...
... Considering the roles of honeypots, we see that the overwhelming majority of the proposals have server roles. The honeypots and honeynets that have components which act like clients are Haney et al. [131], Pliatsios et al. [144], and MimePot [152]. ...
... When we consider the protocols, we can see that Modbus, HTTP, SNMP, and S7comm are the most popular protocols among the studies. Our findings are also validated by a number of researchers [3], [127], [135], [144], [151], [159], [160] who cite Modbus as the most widely used industrial protocol. Popularity of industrial protocols along with number of honeypots supporting them can be expressed as follows: Modbus (22) (3), and ISOTSAP (2). ...
Article
The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems -IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.