Industrial Control Systems (ICS) are essential for managing and controlling various industrial activities such as energy production, manufacturing, wastewater management, and transportation. However, as these systems become more interconnected and digitized, they face increasing cybersecurity threats. To address these issues, this research explores the use of honeypots as a proactive cybersecurity tool to protect Industrial Control Systems. A honeypot is an effective tool for studying attacks on ICS and developing defence methods to protect against these attacks. Currently, the ICS industry is facing a growing number of cyber threats, with attackers becoming more sophisticated. As a result, it has become more challenging to create honeypots that can effectively detect and respond to attacks, log interactions, and capture changes in the physical processes of ICS. Our research aims to gain valuable insights into attack patterns and behaviours using honeypots. By doing so, we can gather crucial information about the latest Tactics, Techniques, and Procedures (TTPs) used by attackers, as well as their technical knowledge and capabilities. In this thesis, we introduce VirtuePot, a honeypot that focuses on the physical interaction and design of ICS honeypots. VirtuePot simulates the behaviour and services of real Programmable Logic Controllers (PLCs) using dynamic service simulations. This includes advanced simulations of industrial processes, communication protocols, and command responses. We deployed VirtuePot both in the cloud (using DigitalOcean) and locally on-premise at the VSIX Internet Exchange Point, and collected data over 61 days. Our findings show that VirtuePot recorded a significant amount of ICS interactions from around the world. The log analysis revealed that the on-premise deployment at the VSIX Internet Exchange Point attracted more realistic attacks compared to the cloud (DigitalOcean) deployment. This indicates that attackers are actively targeting ICS systems, and the deployment location can impact the nature and realism of the attacks encountered. Keywords: Cyber-physical system (CPS);Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA;

Industrial Control Systems (ICS) are essential for managing and controlling various industrial activities such as energy production, manufacturing, wastewater management, and transportation. However, as these systems become more interconnected and digitized, they face increasing cybersecurity threats. To address these issues, this research explores the use of honeypots as a proactive cybersecurity tool to protect Industrial Control Systems. A honeypot is an effective tool for studying attacks on ICS and developing defence methods to protect against these attacks. Currently, the ICS industry is facing a growing number of cyber threats, with attackers becoming more sophisticated. As a result, it has become more challenging to create honeypots that can effectively detect and respond to attacks, log interactions, and capture changes in the physical processes of ICS. Our research aims to gain valuable insights into attack patterns and behaviours using honeypots. By doing so, we can gather crucial information about the latest Tactics, Techniques, and Procedures (TTPs) used by attackers, as well as their technical knowledge and capabilities. In this thesis, we introduce VirtuePot, a honeypot that focuses on the physical interaction and design of ICS honeypots. VirtuePot simulates the behaviour and services of real Programmable Logic Controllers (PLCs) using dynamic service simulations. This includes advanced simulations of industrial processes, communication protocols, and command responses. We deployed VirtuePot both in the cloud (using DigitalOcean) and locally on-premise at the VSIX Internet Exchange Point, and collected data over 61 days. Our findings show that VirtuePot recorded a significant amount of ICS interactions from around the world. The log analysis revealed that the on-premise deployment at the VSIX Internet Exchange Point attracted more realistic attacks compared to the cloud (DigitalOcean) deployment. This indicates that attackers are actively targeting ICS systems, and the deployment location can impact the nature and realism of the attacks encountered. Keywords: Cyber-physical system (CPS);Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA;

VIRTUEPOT: A High-Fidelity and High-Interaction Virtual Honeypot for Industrial Control Systems.

CHIDANANDA, NIKHIL KARAKUCHI
2023/2024

Abstract

Industrial Control Systems (ICS) are essential for managing and controlling various industrial activities such as energy production, manufacturing, wastewater management, and transportation. However, as these systems become more interconnected and digitized, they face increasing cybersecurity threats. To address these issues, this research explores the use of honeypots as a proactive cybersecurity tool to protect Industrial Control Systems. A honeypot is an effective tool for studying attacks on ICS and developing defence methods to protect against these attacks. Currently, the ICS industry is facing a growing number of cyber threats, with attackers becoming more sophisticated. As a result, it has become more challenging to create honeypots that can effectively detect and respond to attacks, log interactions, and capture changes in the physical processes of ICS. Our research aims to gain valuable insights into attack patterns and behaviours using honeypots. By doing so, we can gather crucial information about the latest Tactics, Techniques, and Procedures (TTPs) used by attackers, as well as their technical knowledge and capabilities. In this thesis, we introduce VirtuePot, a honeypot that focuses on the physical interaction and design of ICS honeypots. VirtuePot simulates the behaviour and services of real Programmable Logic Controllers (PLCs) using dynamic service simulations. This includes advanced simulations of industrial processes, communication protocols, and command responses. We deployed VirtuePot both in the cloud (using DigitalOcean) and locally on-premise at the VSIX Internet Exchange Point, and collected data over 61 days. Our findings show that VirtuePot recorded a significant amount of ICS interactions from around the world. The log analysis revealed that the on-premise deployment at the VSIX Internet Exchange Point attracted more realistic attacks compared to the cloud (DigitalOcean) deployment. This indicates that attackers are actively targeting ICS systems, and the deployment location can impact the nature and realism of the attacks encountered. Keywords: Cyber-physical system (CPS);Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA;
2023
VIRTUEPOT: A High-Fidelity and High-Interaction Virtual Honeypot for Industrial Control Systems.
Industrial Control Systems (ICS) are essential for managing and controlling various industrial activities such as energy production, manufacturing, wastewater management, and transportation. However, as these systems become more interconnected and digitized, they face increasing cybersecurity threats. To address these issues, this research explores the use of honeypots as a proactive cybersecurity tool to protect Industrial Control Systems. A honeypot is an effective tool for studying attacks on ICS and developing defence methods to protect against these attacks. Currently, the ICS industry is facing a growing number of cyber threats, with attackers becoming more sophisticated. As a result, it has become more challenging to create honeypots that can effectively detect and respond to attacks, log interactions, and capture changes in the physical processes of ICS. Our research aims to gain valuable insights into attack patterns and behaviours using honeypots. By doing so, we can gather crucial information about the latest Tactics, Techniques, and Procedures (TTPs) used by attackers, as well as their technical knowledge and capabilities. In this thesis, we introduce VirtuePot, a honeypot that focuses on the physical interaction and design of ICS honeypots. VirtuePot simulates the behaviour and services of real Programmable Logic Controllers (PLCs) using dynamic service simulations. This includes advanced simulations of industrial processes, communication protocols, and command responses. We deployed VirtuePot both in the cloud (using DigitalOcean) and locally on-premise at the VSIX Internet Exchange Point, and collected data over 61 days. Our findings show that VirtuePot recorded a significant amount of ICS interactions from around the world. The log analysis revealed that the on-premise deployment at the VSIX Internet Exchange Point attracted more realistic attacks compared to the cloud (DigitalOcean) deployment. This indicates that attackers are actively targeting ICS systems, and the deployment location can impact the nature and realism of the attacks encountered. Keywords: Cyber-physical system (CPS);Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA;
Honeypot
ICS
PLC
SCADA
File in questo prodotto:
File Dimensione Formato  
Cybersecurity_MSc_Thesis_Virtuepot_Nikhil.pdf

accesso aperto

Dimensione 5.71 MB
Formato Adobe PDF
5.71 MB Adobe PDF Visualizza/Apri

The text of this website © Università degli studi di Padova. Full Text are published under a non-exclusive license. Metadata are under a CC0 License

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.12608/71043