Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots
Creators
- 1. Sidroco Holdings Ltd
- 2. University of Western Macedonia
- 3. International Hellenic University
- 4. University of Peloponnese
- 5. Hellenic Mediterranean University
Description
Both signature-based and anomaly-based Intrusion Detection and Prevention Systems (IDPS) have already demonstrated their efficiency in recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks appropriate datasets. Therefore, additional cybersecurity mechanisms are necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.
Files
Name | Size |
---|---|
CSR2022_Honeypots_v4.pdf (md5:bfa80d6ade20e2eb3ec31e0fcf9d2f1e) | 417.2 kB |