VIRTUEPOT: A High-Fidelity and High-Interaction Virtual Honeypot for Industrial Control Systems.
CHIDANANDA, NIKHIL KARAKUCHI
2023/2024
Abstract
Industrial Control Systems (ICS) are essential for managing and controlling various industrial activities such as energy production, manufacturing, wastewater management, and transportation. However, as these systems become more interconnected and digitized, they face increasing cybersecurity threats. To address these issues, this research explores the use of honeypots as a proactive cybersecurity tool to protect Industrial Control Systems. A honeypot is an effective tool for studying attacks on ICS and developing defence methods to protect against these attacks. Currently, the ICS industry is facing a growing number of cyber threats, with attackers becoming more sophisticated. As a result, it has become more challenging to create honeypots that can effectively detect and respond to attacks, log interactions, and capture changes in the physical processes of ICS. Our research aims to gain valuable insights into attack patterns and behaviours using honeypots. By doing so, we can gather crucial information about the latest Tactics, Techniques, and Procedures (TTPs) used by attackers, as well as their technical knowledge and capabilities. In this thesis, we introduce VirtuePot, a honeypot that focuses on the physical interaction and design of ICS honeypots. VirtuePot simulates the behaviour and services of real Programmable Logic Controllers (PLCs) using dynamic service simulations. This includes advanced simulations of industrial processes, communication protocols, and command responses. We deployed VirtuePot both in the cloud (using DigitalOcean) and locally on-premise at the VSIX Internet Exchange Point, and collected data over 61 days. Our findings show that VirtuePot recorded a significant amount of ICS interactions from around the world. The log analysis revealed that the on-premise deployment at the VSIX Internet Exchange Point attracted more realistic attacks compared to the cloud (DigitalOcean) deployment. 
This indicates that attackers are actively targeting ICS systems, and the deployment location can impact the nature and realism of the attacks encountered.

Keywords: Cyber-physical system (CPS); Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA

File | Size | Format |
---|---|---|
Cybersecurity_MSc_Thesis_Virtuepot_Nikhil.pdf (open access) | 5.71 MB | Adobe PDF |
The text of this website © Università degli studi di Padova. Full texts are published under a non-exclusive license. Metadata are under a CC0 License.
https://hdl.handle.net/20.500.12608/71043