A Generative Model Based Honeypot for Industrial OPC UA Communication

Olaf Sassnick, Georg Schäfer, Thomas Rosenstatter, Stefan Huber

TL;DR

The paper demonstrates that a generative model-based honeypot can feasibly replicate a cyclic industrial process via OPC UA communication, with results indicating stable and plausible trajectory generation over extended periods.

Abstract

Industrial Operational Technology (OT) systems are increasingly targeted by cyber-attacks due to their integration with Information Technology (IT) systems in the Industry 4.0 era. Besides intrusion detection systems, honeypots can effectively detect these attacks. However, creating realistic honeypots for brownfield systems is particularly challenging. This paper introduces a generative model-based honeypot designed to mimic industrial OPC UA communication. Utilizing a Long Short-Term Memory (LSTM) network, the honeypot learns the characteristics of a highly dynamic mechatronic system from recorded state space trajectories. Our contributions are twofold: first, we present a proof-of-concept for a honeypot based on generative machine-learning models, and second, we publish a dataset for a cyclic industrial process. The results demonstrate that a generative model-based honeypot can feasibly replicate a cyclic industrial process via OPC UA communication. In the short term, the generative model indicates a stable and plausible trajectory generation, while deviations occur over extended periods. The proposed honeypot implementation operates efficiently on constrained hardware, requiring low computational resources. Future work will focus on improving model accuracy, interaction capabilities, and extending the dataset for broader applications.

Paper Structure

This paper contains 10 sections, 13 figures, 1 table.

Figures (13)

  • Figure 1: Cyber-physical system architecture with a honeypot for security, where the threat actor gained access to the SCADA system.
  • Figure 2: The Quanser Aero 2 (left) and its schematic representation (right) in a 2-DoF configuration.
  • Figure 3: OPC UA Server Interface for the CPS queried with the opcua-client-gui.
  • Figure 4: The target yaw $\varPsi_T$ and pitch $\varTheta_T$ angles of the CPS over time, realizing four sequences repeated in the same order multiple times. The duration of each sequence is annotated in seconds.
  • Figure 5: The second sequence of the cyclic process with start and end marked by dashed vertical lines. Showing motor voltages ($U_0$, $U_1$), currents ($I_0$, $I_1$), angular velocities ($\dot{\varTheta}$, $\dot{\varPsi}$), actual pitch and yaw ($\varTheta$, $\varPsi$), and target pitch and yaw ($\varTheta_T$, $\varPsi_T$). The actual pitch and yaw are slightly dragging behind their targets.
  • ...and 8 more figures