Skip to content

0xnkc/virtuepot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

245 Commits

bottlefactory

bottlefactory

 
 

doc

doc

 
 

honeyd

honeyd

 
 

log

log

 
 

scada

scada

 
 

watertank

watertank

 
 

zeek

zeek

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

README.md

README.md

 
 

init.sh

init.sh

 
 

restart_docker_containers.sh

restart_docker_containers.sh

 
 

tcpdump_start.sh

tcpdump_start.sh

 
 

tcpdump_stop.sh

tcpdump_stop.sh

 
 

Repository files navigation


Logo

VIRTUEPOT

VIRTUEPOT: A High-Fidelity and High-Interaction Virtual Honeypot for Industrial Control Systems
Thesis available »

Mauro Conti · Federico Turrin · Nikhil Karakuchi Chidananda

📇 Abstract

Industrial Control Systems (ICS) are crucial in managing and supervising a wide range of industrial activities, including those in energy, manufacturing, and transportation. However, as these systems’ interconnection and digitalization increase, new cybersecurity concerns emerge, rendering them vulnerable to cyberattacks. To address these issues, this thesis investigates using honeypots as a proactive cybersecurity tool for protecting Industrial Control Systems. A honeypot is an effective standard tool to study attacks against the industrial control system and defense methods to protect from attackers. nowadays the ICS industry faces an increasing number of cyber threats, and the attacker’s capabilities become much better It become more challenging to create a honeypot that can be capable of detecting and responding to such an attack and efficiently logging the interactions and capturing the changes in the physical process. With our proposal we aimed to learn more about the attack patterns and behavior by use of the honeypot, we can get valuable Information about the latest Tactics, Techniques, and Procedures for attacks and their technical knowledge, and abilities. In this thesis, we presented a Virtuepot honeypot that mainly focuses on the physical interac tion and design of honeypots that properly simulate the behavior and services of real PLCs using dynamic service simulations. This might include more advanced simulations of industrial processes, communication protocols, and command responses. We deployed our honeypot in both the cloud and locally on-premise in VSIX Internet Exchange Point and collected the data for 61 days. The Honeypot experiment showed that the on-premise machine attracted more realistic attacks compared to cloud deployment.

Keywords: Cyber-physical system (CPS); Honeypot; Programmable Logic Controller (PLC); Industrial Control Systems (ICS); SCADA.

🧱 Architecture

Pipeline

⚙️ Installation

Prerequisites

OS requirements

To install Docker Engine, you need the 64-bit version of one of these Ubuntu versions:

  • Ubuntu Jammy 22.04 (LTS)
  • Ubuntu Focal 20.04 (LTS)
  • Ubuntu Bionic 18.04 (LTS)

Docker Engine is compatible with x86_64 (or amd64), armhf, arm64, and s390x architectures.

In order to install the honeypot, clone this repo and execute init.sh using the command:

git clone https://github.com/0xnkc/virtuepot/
cd virtuepot
chmod +x init.sh

./init.sh

(back to top)

About

A high interaction virtual ICS honeypot that simulates a PLC and provides physical process simulation.

Topics

docker honeypot virtual ics industrial-control-system

Resources

Readme
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages