2022
Elisavet Grigoriou; Athanasios Liatifis; Panagiotis Radoglou Grammatikis; Thomas Lagkas; Ioannis Moscholios; Evangelos Markakis; Panagiotis Sarigiannidis, "Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots", 2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022, ISBN: 978-1-6654-9952-1.
Conference | Tags: Cybersecurity, Honeypots, ICS, SCADA

@conference{9850329,
  title = {Protecting IEC 60870-5-104 ICS/SCADA Systems with Honeypots},
  author = {Elisavet Grigoriou and Athanasios Liatifis and Panagiotis Radoglou Grammatikis and Thomas Lagkas and Ioannis Moscholios and Evangelos Markakis and Panagiotis Sarigiannidis},
  url = {https://www.researchgate.net/publication/362744045_Protecting_IEC_60870-5-104_ICSSCADA_Systems_with_Honeypots},
  doi = {10.1109/CSR54599.2022.9850329},
  isbn = {978-1-6654-9952-1},
  year = {2022},
  date = {2022-07-27},
  booktitle = {2022 IEEE International Conference on Cyber Security and Resilience (CSR)},
  pages = {345-350},
  abstract = {Both signature-based and anomaly-based Intrusion Detection and Prevention Systems (IDPS) have already demonstrated their efficiency towards recognising and mitigating various intrusions. However, the first category cannot detect zero-day attacks, while the second one lacks the presence of appropriate datasets. Therefore, the presence of additional cybersecurity mechanisms is necessary, especially in the area of the Industrial Internet of Things (IIoT), including critical infrastructures, such as the smart electrical grid. Thus, honeypots are used to hide and protect critical assets. IEC 60870-5-104 (IEC104) is a widely used telemetry protocol in Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA). However, IEC104 lacks critical security features, such as encryption, integrity protection and authentication. This work presents the IEC104 honeypot, which is capable of hiding the actual IEC104 assets and detecting potential intrusions and anomalies. The experimental results demonstrate the effectiveness of our work.},
  keywords = {Cybersecurity, Honeypots, ICS, SCADA},
  pubstate = {published},
  tppubtype = {conference}
}
Ilias Siniosoglou; Vasileios Argyriou; Thomas Lagkas; Apostolos Tsiakalos; Antonios Sarigiannidis; Panagiotis Sarigiannidis, "Covert Distributed Training of Deep Federated Industrial Honeypots", 2021 IEEE Globecom Workshops (GC Wkshps), 2022, ISBN: 978-1-6654-2391-5.
Conference | Tags: Autoencoder, Data Generation, Deep Learning, Honeypots, Industrial Control System, SCADA

@conference{9682162,
  title = {Covert Distributed Training of Deep Federated Industrial Honeypots},
  author = {Ilias Siniosoglou and Vasileios Argyriou and Thomas Lagkas and Apostolos Tsiakalos and Antonios Sarigiannidis and Panagiotis Sarigiannidis},
  url = {https://www.researchgate.net/publication/358085083_Covert_Distributed_Training_of_Deep_Federated_Industrial_Honeypots},
  doi = {10.1109/GCWkshps52748.2021.9682162},
  isbn = {978-1-6654-2391-5},
  year = {2022},
  date = {2022-01-24},
  booktitle = {2021 IEEE Globecom Workshops (GC Wkshps)},
  pages = {1-6},
  abstract = {Since the introduction of automation technologies in the Industrial field and its subsequent scaling to horizontal and vertical extents, the need for interconnected industrial systems, supporting smart interoperability is ever higher. Due to this scaling, new and critical vulnerabilities have been created, notably in legacy systems, leaving Industrial infrastructures prone to cyber attacks, that can sometimes have catastrophic results. To tackle the need for extended security measures, this paper presents a Federated Industrial Honeypot that takes advantage of decentralized private Deep Training to produce models that accumulate and simulate real industrial devices. To enhance their camouflage, SCENT, a new custom and covert protocol is proposed, to fully immerse the Federated Honeypot to its industrial role, that handles the communication between the server and honeypot during the training, to hide any clues of operation of the honeypot other than its supposed objective to the eye of the attacker.},
  keywords = {Autoencoder, Data Generation, Deep Learning, Honeypots, Industrial Control System, SCADA},
  pubstate = {published},
  tppubtype = {conference}
}
2020
I. Siniosoglou; G. Efstathopoulos; D. Pliatsios; I.D. Moscholios; A. Sarigiannidis; G. Sakellari; G. Loukas; P. Sarigiannidis, "NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks", 2020 IEEE Symposium on Computers and Communications (ISCC), IEEE, 2020.
Conference | Tags: Autoencoder Network, Data Generation, GAN Network, Honeypots, Industrial Control System, SCADA

@conference{Siniosoglou2020,
  title = {NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks},
  author = {I. Siniosoglou and G. Efstathopoulos and D. Pliatsios and I.D. Moscholios and A. Sarigiannidis and G. Sakellari and G. Loukas and P. Sarigiannidis},
  editor = {2020 {IEEE} Symposium on Computers and Communications ({ISCC})},
  url = {https://www.researchgate.net/publication/347267819_NeuralPot_An_Industrial_Honeypot_Implementation_Based_On_Deep_Neural_Networks},
  doi = {10.1109/ISCC50000.2020.9219712},
  year = {2020},
  date = {2020-07-01},
  booktitle = {2020 IEEE Symposium on Computers and Communications (ISCC)},
  journal = {Proceedings - IEEE Symposium on Computers and Communications},
  publisher = {IEEE},
  abstract = {Honeypots are powerful security tools, developed to shield commercial and industrial networks from malicious activity. Honeypots act as passive and interactive decoys in a network attracting malicious activity and securing the rest of the network entities. Since an increase in intrusions has been observed lately, more advanced security systems are necessary. In this paper a new method of adapting a honeypot system in a modern industrial network, employing the Modbus protocol, is introduced. In the presented NeuralPot honeypot, two distinct deep neural network implementations are utilized to adapt to network Modbus entities and clone them, actively confusing the intruders. The proposed deep neural networks and their generated data are then compared. © 2020 IEEE.},
  keywords = {Autoencoder Network, Data Generation, GAN Network, Honeypots, Industrial Control System, SCADA},
  pubstate = {published},
  tppubtype = {conference}
}
P. Radoglou-Grammatikis; P. Sarigiannidis; E. Iturbe; E. Rios; A. Sarigiannidis; O. Nikolis; D. Ioannidis; V. Machamint; M. Tzifas; A. Giannakoulias; M. Angelopoulos; A. Papadopoulos; F. Ramos, "Secure and private smart grid: The SPEAR architecture", 2020 6th IEEE Conference on Network Softwarization (NetSoft), IEEE, 2020.
Conference | Tags: Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid

@conference{Grammatikis2020450,
  title = {Secure and private smart grid: The SPEAR architecture},
  author = {P. Radoglou-Grammatikis and P. Sarigiannidis and E. Iturbe and E. Rios and A. Sarigiannidis and O. Nikolis and D. Ioannidis and V. Machamint and M. Tzifas and A. Giannakoulias and M. Angelopoulos and A. Papadopoulos and F. Ramos},
  url = {https://www.researchgate.net/publication/343621502_Secure_and_Private_Smart_Grid_The_SPEAR_Architecture?_sg=ajSET8e8bb-KvKba1e9QHd7a7IFuKtI-72RhxDMcm-yozF1Q-5Jx4b8jAVrAhVncE1vtLBx2eVdgcx4},
  doi = {10.1109/NetSoft48620.2020.9165420},
  year = {2020},
  date = {2020-06-01},
  booktitle = {2020 6th IEEE Conference on Network Softwarization (NetSoft)},
  journal = {Proceedings of the 2020 IEEE Conference on Network Softwarization: Bridging the Gap Between AI and Network Softwarization, NetSoft 2020},
  pages = {450-456},
  publisher = {IEEE},
  abstract = {Information and Communication Technology (ICT) is an integral part of Critical Infrastructures (CIs), bringing both significant pros and cons. Focusing our attention on the energy sector, ICT converts the conventional electrical grid into a new paradigm called Smart Grid (SG), providing crucial benefits such as pervasive control, better utilisation of the existing resources, self-healing, etc. However, in parallel, ICT increases the attack surface of this domain, generating new potential cyberthreats. In this paper, we present the Secure and PrivatE smArt gRid (SPEAR) architecture which constitutes an overall solution aiming at protecting SG, by enhancing situational awareness, detecting timely cyberattacks, collecting appropriate forensic evidence and providing an anonymous cybersecurity information-sharing mechanism. Operational characteristics and technical specifications details are analysed for each component, while also the communication interfaces among them are described in detail. © 2020 IEEE.},
  keywords = {Anomaly Detection, Anonymity, Cybersecurity, Forensics, Honeypots, Intrusion detection, Privacy, Smart Grid},
  pubstate = {published},
  tppubtype = {conference}
}
P. Diamantoulakis; C. Dalamagkas; P. Radoglou-Grammatikis; P. Sarigiannidis; G. Karagiannidis, "Game theoretic honeypot deployment in smart grid", Sensors (Switzerland), 20 (15), pp. 1-24, 2020.
Journal Article | Tags: Cybersecurity, Game theory, Honeypots, Smart Grid

@article{Diamantoulakis20201,
  title = {Game theoretic honeypot deployment in smart grid},
  author = {P. Diamantoulakis and C. Dalamagkas and P. Radoglou-Grammatikis and P. Sarigiannidis and G. Karagiannidis},
  url = {https://www.researchgate.net/publication/343188880_Game_Theoretic_Honeypot_Deployment_in_Smart_Grid},
  doi = {10.3390/s20154199},
  year = {2020},
  date = {2020-01-01},
  journal = {Sensors (Switzerland)},
  volume = {20},
  number = {15},
  pages = {1-24},
  abstract = {The smart grid provides advanced functionalities, including real-time monitoring, dynamic energy management, advanced pricing mechanisms, and self-healing, by enabling the two-way flow of power and data, as well as the use of Internet of Things (IoT) technologies and devices. However, converting the traditional power grids to smart grids poses severe security challenges and makes their components and services prone to cyber attacks. To this end, advanced techniques are required to mitigate the impact of the potential attacks. In this paper, we investigate the use of honeypots, which are considered to mimic the common services of the smart grid and are able to detect unauthorized accesses, collect evidence, and help hide the real devices. More specifically, the interaction of an attacker and a defender is considered, who both optimize the number of attacks and the defending system configuration, i.e., the number of real devices and honeypots, respectively, with the aim to maximize their individual payoffs. To solve this problem, game theoretic tools are used, considering a one-shot game and a repeated game with uncertainty about the payoff of the attacker, where the Nash Equilibrium (NE) and the Bayesian NE are derived, respectively. Finally, simulation results are provided, which illustrate the effectiveness of the proposed framework. © 2020 by the authors. Licensee MDPI, Basel, Switzerland.},
  keywords = {Cybersecurity, Game theory, Honeypots, Smart Grid},
  pubstate = {published},
  tppubtype = {article}
}
Address
Internet of Things and Applications Lab
Department of Electrical and Computer Engineering
University of Western Macedonia Campus
ZEP Area, Kozani 50100
Greece
Contact Information
tel: +30 2461 056527
Email: ithaca@uowm.gr