Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots
- Post by: admin
- July 27, 2022
Abstract
Both signature-based and anomaly-based Intrusion Detection and Prevention System (IDPS) have already demonstrated their efficiency towards recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks the presence of appropriate datasets. Therefore, the presence of additional cybersecurity mechanisms is necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.
Links
- https://www.researchgate.net/publication/362744045_Protecting_IEC_60870-5-104_IC[...]
- doi:10.1109/CSR54599.2022.9850329
BibTeX
@conference{9850329,
  title = {Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots},
  author = {Elisavet Grigoriou and Athanasios Liatifis and Panagiotis Radoglou Grammatikis and Thomas Lagkas and Ioannis Moscholios and Evangelos Markakis and Panagiotis Sarigiannidis},
  url = {https://www.researchgate.net/publication/362744045_Protecting_IEC_60870-5-104_ICSSCADA_Systems_with_Honeypots},
  doi = {10.1109/CSR54599.2022.9850329},
  isbn = {978-1-6654-9952-1},
  year = {2022},
  date = {2022-07-27},
  booktitle = {2022 IEEE International Conference on Cyber Security and Resilience (CSR)},
  pages = {345-350},
  abstract = {Both signature-based and anomaly-based Intrusion Detection and Prevention System (IDPS) have already demonstrated their efficiency towards recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks the presence of appropriate datasets. Therefore, the presence of additional cybersecurity mechanisms is necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.},
  keywords = {Cybersecurity, Honeypots, ICS, SCADA},
  pubstate = {published},
  tppubtype = {conference}
}