Reconfigurable and Scalable Honeynet for Cyber-Physical Systems

Luís Sousa, José Cecílio, Pedro Ferreira, Alan Oliveira

TL;DR

The paper addresses the security of industrial control systems by proposing a software-based, scalable, and reconfigurable honeynet for cyber-physical systems that can automatically generate attacks to validate defenses. It introduces a modular architecture with Architecture and Attack Coordinators, a CPS core (Plant/SCADA/HMI/PLC), and a data collection layer, all containerized to enable dynamic deployment and realistic attack scenarios. The approach aims to produce rich, labeled data for training ML-based intrusion detection systems in CPS environments and to provide a controlled testbed for validating security measures. If realized, the system can improve threat understanding, attack resilience, and dataset quality for CPS security research and practice.

Abstract

Industrial Control Systems (ICS) constitute the backbone of contemporary industrial operations, ranging from modest heating, ventilation, and air conditioning systems to expansive national power grids. Given their pivotal role in critical infrastructure, there has been a concerted effort to enhance security measures and deepen our comprehension of potential cyber threats within this domain. To address these challenges, numerous implementations of Honeypots and Honeynets intended to detect and understand attacks have been employed for ICS. This approach diverges from conventional methods by focusing on making a scalable and reconfigurable honeynet for cyber-physical systems. It will also automatically generate attacks on the honeynet to test and validate it. With the development of a scalable and reconfigurable Honeynet and automatic attack generation tools, it is also expected that the system will serve as a basis for producing datasets for training algorithms for detecting and classifying attacks in cyber-physical honeynets.

Paper Structure (13 sections, 3 figures, 1 table)

This paper contains 13 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: Architecture
  • Figure 2: Plant
  • Figure 3: Network Capture