In this new era, many technologies are emerging; a notable example is the large language model, a powerful machine learning model based on transformers or other architectures that can learn from massive datasets and generate remarkably humanlike communication systems. Thanks to this, model technology has made a significant leap forward, owing to the key characteristic of this structure: its ability to capture complex relationships between concepts, handle multiple tasks, and apply the results in various fields. One of the most important environmental applications of this new technology is in the world of OT, Industry 4.0. Operational Technologies are large or small applications of industrial automation in different fields (energy, manufacturing, etc.). Thanks to the growth, this device needs to be connected to the network, and this leads to a new problem for this context, which is not the practical problem of industrial automation, like tampering or physical intrusion, but a network vulnerability that can simplify the work for an attacker if the network has a low level of security. With increased interconnection of environmental monitoring networks, the potential for threats has increased rapidly, proportional to the attack surface. The existing security methods fall into two key areas: their inability to evolve and adapt, and the static, intrinsic nature of simple or complex deception tools. This underscores the urgent demand for robust solutions that can dynamically respond to threats and autonomously adapt their configurations. This research started from Cyber Deception Technology, specifically focusing on the evolution of Honeypot systems. The primary goal is to develop a honeypot with a high interaction level that leverages Large Language Models (LLMs) to simulate industrial protocols autonomously, thereby overcoming the limitations of traditional, hard-coded deception methods, such as static responses, which simplify identification for expert attackers. The primary contribution of this study is the development of an LLM to simulate the OT protocol. In contrast to static honeypots, this device uses a specialized dataset to train a model, creating a deceptive environment that responds realistically to various interactions. The approach covers everything from gathering training data to validating the device in a simulated operational context.
In this new era, many technologies are emerging; a notable example is the large language model, a powerful machine learning model based on transformers or other architectures that can learn from massive datasets and generate remarkably humanlike communication systems. Thanks to this, model technology has made a significant leap forward, owing to the key characteristic of this structure: its ability to capture complex relationships between concepts, handle multiple tasks, and apply the results in various fields. One of the most important environmental applications of this new technology is in the world of OT, Industry 4.0. Operational Technologies are large or small applications of industrial automation in different fields (energy, manufacturing, etc.). Thanks to the growth, this device needs to be connected to the network, and this leads to a new problem for this context, which is not the practical problem of industrial automation, like tampering or physical intrusion, but a network vulnerability that can simplify the work for an attacker if the network has a low level of security. With increased interconnection of environmental monitoring networks, the potential for threats has increased rapidly, proportional to the attack surface. The existing security methods fall into two key areas: their inability to evolve and adapt, and the static, intrinsic nature of simple or complex deception tools. This underscores the urgent demand for robust solutions that can dynamically respond to threats and autonomously adapt their configurations. This research started from Cyber Deception Technology, specifically focusing on the evolution of Honeypot systems. The primary goal is to develop a honeypot with a high interaction level that leverages Large Language Models (LLMs) to simulate industrial protocols autonomously, thereby overcoming the limitations of traditional, hard-coded deception methods, such as static responses, which simplify identification for expert attackers. The primary contribution of this study is the development of an LLM to simulate the OT protocol. In contrast to static honeypots, this device uses a specialized dataset to train a model, creating a deceptive environment that responds realistically to various interactions. The approach covers everything from gathering training data to validating the device in a simulated operational context.
ArtiPot: Automated Learning and Response Generation for Operational Technology Security
CINI, JACOPO
2025/2026
Abstract
In this new era, many technologies are emerging; a notable example is the large language model, a powerful machine learning model based on transformers or other architectures that can learn from massive datasets and generate remarkably humanlike communication systems. Thanks to this, model technology has made a significant leap forward, owing to the key characteristic of this structure: its ability to capture complex relationships between concepts, handle multiple tasks, and apply the results in various fields. One of the most important environmental applications of this new technology is in the world of OT, Industry 4.0. Operational Technologies are large or small applications of industrial automation in different fields (energy, manufacturing, etc.). Thanks to the growth, this device needs to be connected to the network, and this leads to a new problem for this context, which is not the practical problem of industrial automation, like tampering or physical intrusion, but a network vulnerability that can simplify the work for an attacker if the network has a low level of security. With increased interconnection of environmental monitoring networks, the potential for threats has increased rapidly, proportional to the attack surface. The existing security methods fall into two key areas: their inability to evolve and adapt, and the static, intrinsic nature of simple or complex deception tools. This underscores the urgent demand for robust solutions that can dynamically respond to threats and autonomously adapt their configurations. This research started from Cyber Deception Technology, specifically focusing on the evolution of Honeypot systems. The primary goal is to develop a honeypot with a high interaction level that leverages Large Language Models (LLMs) to simulate industrial protocols autonomously, thereby overcoming the limitations of traditional, hard-coded deception methods, such as static responses, which simplify identification for expert attackers. The primary contribution of this study is the development of an LLM to simulate the OT protocol. In contrast to static honeypots, this device uses a specialized dataset to train a model, creating a deceptive environment that responds realistically to various interactions. The approach covers everything from gathering training data to validating the device in a simulated operational context.| File | Dimensione | Formato | |
|---|---|---|---|
|
Jacopo_Cini_Master_Thesis_UniPD.pdf
Accesso riservato
Dimensione
9.52 MB
Formato
Adobe PDF
|
9.52 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License
https://hdl.handle.net/20.500.12608/108078