Published August 16, 2022 | Version v1
Conference paper Open

Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots

  • 1. Sidroco Holdings Ltd
  • 2. University of Western Macedonia
  • 3. International Hellenic University
  • 4. University of Peloponnese
  • 5. Hellenic Mediterranean University

Description

Both signature-based and anomaly-based Intrusion Detection and Prevention Systems (IDPS) have already demonstrated their efficiency in recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks appropriate datasets. Therefore, additional cybersecurity mechanisms are necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.

Files

CSR2022_Honeypots_v4.pdf (417.2 kB), md5:bfa80d6ade20e2eb3ec31e0fcf9d2f1e

Additional details

Funding

ELECTRON – rEsilient and seLf-healed EleCTRical pOwer Nanogrid 101021936
European Commission