Complex and heterogeneous systems characterize the Industry 4.0. Due to the Information Technology (IT) convergence towards the Operational Technology (OT), the development of innovative cyber-physical security tools represents a milestone for the Industrial Control Systems (ICSs) protection. In this context, honeypots are systems used as decoys to detect and analyze malicious actions. However, industrial networks require specic honeypot development capabilities. In this work, we present MimePot, a cyber-physical honeypot conceived for industrial control networks. Compared to classic honeypots, MimePot offers a model-based approach: It is able to simulate physical processes to lure skilled attackers targeting industrial plants. Moreover, MimePot uses the Software Defined Networking (SDN) technology to provide a consistent future proof security approach. We demonstrate the usefulness of MimePot performing data integrity attacks against a water distribution system in a simulated environment.
Bernieri, G., Conti, M., Pascucci, F. (2019). MimePot: A model-based honeypot for industrial control networks. In Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics (pp.433-438). Institute of Electrical and Electronics Engineers Inc. [10.1109/SMC.2019.8913891].
MimePot: A model-based honeypot for industrial control networks
Pascucci F.
2019-01-01
Abstract
Complex and heterogeneous systems characterize the Industry 4.0. Due to the Information Technology (IT) convergence towards the Operational Technology (OT), the development of innovative cyber-physical security tools represents a milestone for the Industrial Control Systems (ICSs) protection. In this context, honeypots are systems used as decoys to detect and analyze malicious actions. However, industrial networks require specic honeypot development capabilities. In this work, we present MimePot, a cyber-physical honeypot conceived for industrial control networks. Compared to classic honeypots, MimePot offers a model-based approach: It is able to simulate physical processes to lure skilled attackers targeting industrial plants. Moreover, MimePot uses the Software Defined Networking (SDN) technology to provide a consistent future proof security approach. We demonstrate the usefulness of MimePot performing data integrity attacks against a water distribution system in a simulated environment.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.