2022
Elisavet Grigoriou; Athanasios Liatifis; Panagiotis Radoglou Grammatikis; Thomas Lagkas; Ioannis Moscholios; Evangelos Markakis; Panagiotis Sarigiannidis
Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots Conference
2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, ISBN: 978-1-6654-9952-1.
Περίληψη | BibTeX | Ετικέτες: Cybersecurity, Honeypots, ICS, SCADA | Σύνδεσμοι:
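% CSR 2022 conference paper presenting a honeypot for the IEC 60870-5-104 (IEC104) telemetry protocol.
% Authors are in "Last, First" form so the two-word surname "Radoglou Grammatikis" is not split.
% tppubtype is not a standard BibTeX/biblatex field; bibliography styles ignore it.
@inproceedings{9850329,
  title      = {Protecting {IEC} 60870-5-104 {ICS}/{SCADA} Systems with Honeypots},
  author     = {Grigoriou, Elisavet and Liatifis, Athanasios and Radoglou Grammatikis, Panagiotis and Lagkas, Thomas and Moscholios, Ioannis and Markakis, Evangelos and Sarigiannidis, Panagiotis},
  url        = {https://www.researchgate.net/publication/362744045_Protecting_IEC_60870-5-104_ICSSCADA_Systems_with_Honeypots},
  doi        = {10.1109/CSR54599.2022.9850329},
  isbn       = {978-1-6654-9952-1},
  year       = {2022},
  date       = {2022-07-27},
  booktitle  = {2022 {IEEE} International Conference on Cyber Security and Resilience ({CSR})},
  pages      = {345--350},
  abstract   = {Both signature-based and anomaly-based Intrusion Detection and Prevention System (IDPS) have already demonstrated their efficiency towards recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks the presence of appropriate datasets. Therefore, the presence of additional cybersecurity mechanisms is necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.},
  keywords   = {Cybersecurity, Honeypots, ICS, SCADA},
  pubstate   = {published},
  tppubtype  = {conference}
}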
Vasiliki Kelli; Panagiotis Radoglou-Grammatikis; Achilleas Sesis; Thomas Lagkas; Eleftherios Fountoukidis; Emmanouil Kafetzakis; Ioannis Giannoulakis; Panagiotis Sarigiannidis
Attacking and Defending DNP3 ICS/SCADA Systems Conference
2022 18th International Conference on Distributed Computing in Sensor Systems (DCOSS), 2022, ISBN: 978-1-6654-9512-7.
Περίληψη | BibTeX | Ετικέτες: cyberattack, DNP3, ICS, Intrusion detection, SCADA | Σύνδεσμοι:
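% DCOSS 2022 conference paper on DNP3 by-design weaknesses and a DNN-based intrusion detection system.
% The percent sign in the abstract is escaped so the field can be typeset by LaTeX without starting a comment.
% tppubtype is not a standard BibTeX/biblatex field; bibliography styles ignore it.
@inproceedings{9881726,
  title      = {Attacking and Defending {DNP3} {ICS}/{SCADA} Systems},
  author     = {Kelli, Vasiliki and Radoglou-Grammatikis, Panagiotis and Sesis, Achilleas and Lagkas, Thomas and Fountoukidis, Eleftherios and Kafetzakis, Emmanouil and Giannoulakis, Ioannis and Sarigiannidis, Panagiotis},
  doi        = {10.1109/DCOSS54816.2022.00041},
  isbn       = {978-1-6654-9512-7},
  year       = {2022},
  date       = {2022-05-30},
  booktitle  = {2022 18th International Conference on Distributed Computing in Sensor Systems ({DCOSS})},
  pages      = {183--190},
  abstract   = {The highly beneficial contribution of intelligent systems in the industrial domain is undeniable. Automation, supervision, remote control, and fault reduction are some of the various advantages new technologies offer. A protocol demonstrating high utility in industrial settings, and specifically, in smart grids, is Distributed Network Protocol 3 (DNP3), a multi-tier, application layer protocol. Notably, multiple industrial protocols are not as securely designed as expected, considering the highly critical operations occurring in their application domain. In this paper, we explore the internal vulnerabilities-by-design of DNP3, and proceed with the implementation of the attacks discovered, demonstrated through 8 DNP3 attack scenarios. Finally, we design and demonstrate a Deep Neural Network (DNN)-based, multi-model Intrusion Detection Systems (IDS), trained with our experimental network flow cyberattack dataset, and compare our solution with multiple machine learning algorithms used for classification. Our solution demonstrates a high efficiency in the classification of DNP3 cyberattacks, showing an accuracy of 99.0\%.},
  keywords   = {cyberattack, DNP3, ICS, Intrusion detection, SCADA},
  pubstate   = {published},
  tppubtype  = {conference}
}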