ICSNet: A Hybrid-Interaction Honeynet for Industrial Control Systems

ICSNet: A Hybrid-Interaction Honeynet for Industrial Control Systems

연구 분야: Infrastructure

학회: CPSIoTSec'24: Proceedings of the Sixth Workshop on CPS&IoT Security and Privacy

Industrial Control Systems (ICS) manage several critical infrastructures, such as the electrical grid and water treatment plants. ICS have been the target of cyberattacks designed to disrupt the operation of critical infrastructure, risking the safety of the system. Honeypots and honeynets are used to gather intelligence on novel threats against ICS and to help us prepare for future attacks. In this paper, we introduce ICSNet, a hybrid-interaction honeynet that improves on the state of the art of ICS honeynets by developing a new modular architecture that integrates high-fidelity physical process simulations, more industrial protocols, and high-fidelity device fingerprints. We evaluate ICSNet using multiple physical process scenarios and reconnaissance tools like Nmap and Nikto. We show that ICSNet can successfully represent different ICS environments while interacting with the industrial assets in the physical simulation, giving attackers a convincing view of an ICS.