2020
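Siniosoglou, I; Efstathopoulos, G; Pliatsios, D; Moscholios, I D; Sarigiannidis, A; Sakellari, G; Loukas, G; Sarigiannidis, P NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks Conference NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks, University of Western Macedonia 2020, ISBN: 978-1-7281-8087-8.
@conference{9219712,
  title         = {{NeuralPot}: An Industrial Honeypot Implementation Based On Deep Neural Networks},
  author        = {Siniosoglou, I. and Efstathopoulos, G. and Pliatsios, D. and Moscholios, I. D. and Sarigiannidis, A. and Sakellari, G. and Loukas, G. and Sarigiannidis, P.},
  url           = {https://ieeexplore.ieee.org/document/9219712/},
  doi           = {10.1109/ISCC50000.2020.9219712},
  isbn          = {978-1-7281-8087-8},
  year          = {2020},
  date          = {2020-10-12},
  booktitle     = {NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks},
  organization  = {University of Western Macedonia},
  abstract      = {Honeypots are powerful security tools, developed to shield commercial and industrial networks from malicious activity. Honeypots act as passive and interactive decoys in a network attracting malicious activity and securing the rest of the network entities. Since an increase in intrusions has been observed lately, more advanced security systems are necessary. In this paper a new method of adapting a honeypot system in a modern industrial network, employing the Modbus protocol, is introduced. In the presented NeuralPot honeypot, two distinct deep neural network implementations are utilized to adapt to network Modbus entities and clone them, actively confusing the intruders. The proposed deep neural networks and their generated data are then compared.},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {booktitle repeats the paper title rather than naming the proceedings; take the venue name from the DOI record before citing},
}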
Honeypots are powerful security tools, developed to shield commercial and industrial networks from malicious activity. Honeypots act as passive and interactive decoys in a network attracting malicious activity and securing the rest of the network entities. Since an increase in intrusions has been observed lately, more advanced security systems are necessary. In this paper a new method of adapting a honeypot system in a modern industrial network, employing the Modbus protocol, is introduced. In the presented NeuralPot honeypot, two distinct deep neural network implementations are utilized to adapt to network Modbus entities and clone them, actively confusing the intruders. The proposed deep neural networks and their generated data are then compared.
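Radoglou-Grammatikis, P; Siniosoglou, I; Liatifis, T; Kourouniadis, A; Rompolos, K; Sarigiannidis, P Implementation and Detection of Modbus Cyberattacks Conference Implementation and Detection of Modbus Cyberattacks, University of Western Macedonia 2020, ISBN: 978-1-7281-6688-9.
@conference{9200287,
  title         = {Implementation and Detection of {Modbus} Cyberattacks},
  author        = {Radoglou-Grammatikis, P. and Siniosoglou, I. and Liatifis, T. and Kourouniadis, A. and Rompolos, K. and Sarigiannidis, P.},
  url           = {https://ieeexplore.ieee.org/document/9200287},
  doi           = {10.1109/MOCAST49295.2020.9200287},
  isbn          = {978-1-7281-6688-9},
  year          = {2020},
  date          = {2020-09-18},
  booktitle     = {Implementation and Detection of Modbus Cyberattacks},
  organization  = {University of Western Macedonia},
  abstract      = {Supervisory Control and Data Acquisition (SCADA) systems play a significant role in Critical Infrastructures (CIs) since they monitor and control the automation processes of the industrial equipment. However, SCADA relies on vulnerable communication protocols without any cybersecurity mechanism, thereby making it possible to endanger the overall operation of the CI. In this paper, we focus on the Modbus/TCP protocol, which is commonly utilised in many CIs and especially in the electrical grid. In particular, our contribution is twofold. First, we study and enhance the cyberattacks provided by the Smod pen-testing tool. Second, we introduce an anomaly-based Intrusion Detection System (IDS) capable of detecting Denial of Service (DoS) cyberattacks related to Modbus/TCP. The efficacy of the proposed IDS is demonstrated by utilising real data stemming from a hydropower plant. The accuracy and the F1 score of the proposed IDS reach 81\% and 77\% respectively.},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {booktitle repeats the paper title rather than naming the proceedings; take the venue name from the DOI record before citing},
}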
Supervisory Control and Data Acquisition (SCADA) systems play a significant role in Critical Infrastructures (CIs) since they monitor and control the automation processes of the industrial equipment. However, SCADA relies on vulnerable communication protocols without any cybersecurity mechanism, thereby making it possible to endanger the overall operation of the CI. In this paper, we focus on the Modbus/TCP protocol, which is commonly utilised in many CIs and especially in the electrical grid. In particular, our contribution is twofold. First, we study and enhance the cyberattacks provided by the Smod pen-testing tool. Second, we introduce an anomaly-based Intrusion Detection System (IDS) capable of detecting Denial of Service (DoS) cyberattacks related to Modbus/TCP. The efficacy of the proposed IDS is demonstrated by utilising real data stemming from a hydropower plant. The accuracy and the F1 score of the proposed IDS reach 81% and 77% respectively.
2019
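Pliatsios, Dimitrios; Sarigiannidis, Panagiotis; Liatifis, Thanasis; Rompolos, Konstantinos; Siniosoglou, Ilias A Novel and Interactive Industrial Control System Honeypot for Critical Smart Grid Infrastructure Conference A Novel and Interactive Industrial Control System Honeypot for Critical Smart Grid Infrastructure, University of Western Macedonia IEEE, 2019, ISBN: 978-1-7281-1017-2.
@conference{8858431,
  title         = {A Novel and Interactive Industrial Control System Honeypot for Critical Smart Grid Infrastructure},
  author        = {Pliatsios, Dimitrios and Sarigiannidis, Panagiotis and Liatifis, Thanasis and Rompolos, Konstantinos and Siniosoglou, Ilias},
  url           = {https://ieeexplore.ieee.org/document/8858431},
  doi           = {10.1109/CAMAD.2019.8858431},
  isbn          = {978-1-7281-1017-2},
  year          = {2019},
  date          = {2019-10-07},
  booktitle     = {A Novel and Interactive Industrial Control System Honeypot for Critical Smart Grid Infrastructure},
  publisher     = {IEEE},
  organization  = {University of Western Macedonia},
  abstract      = {The Industrial Control Systems (ICS) are the underlying monitoring and control components of critical infrastructures, which consist of a number of distributed field devices, such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) and Human Machine Interfaces (HMIs). As modern ICS are connected to the Internet, in the context of their digitalization as a part of the Internet of Things (IoT) domain, a number of security threats are introduced, whose exploitation can lead to severe consequences. Honeypots and honeynets are promising countermeasures that attract attackers and mislead them from hacking the real infrastructure, while gaining valuable information about the attack patterns as well as the source of the attack. In this work, we implement an interactive, proof-of-concept ICS honeypot, which is based on Conpot, that is able to emulate a physical ICS device, by replicating realistic traffic from the real device. As the honeypot runs inside a Virtual Machine, it is possible to emulate the entire organization's ICS infrastructure, a fact that is very important for the security of the modern critical infrastructure. In order to assess the proposed honeypot, a real-life demonstration scenario was designed, which involves a hydro power plant. The honeypot architecture is provided, while the structural components are presented in detail.},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {booktitle repeats the paper title rather than naming the proceedings; take the venue name from the DOI record before citing},
}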
The Industrial Control Systems (ICS) are the underlying monitoring and control components of critical infrastructures, which consist of a number of distributed field devices, such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs) and Human Machine Interfaces (HMIs). As modern ICS are connected to the Internet, in the context of their digitalization as a part of the Internet of Things (IoT) domain, a number of security threats are introduced, whose exploitation can lead to severe consequences. Honeypots and honeynets are promising countermeasures that attract attackers and mislead them from hacking the real infrastructure, while gaining valuable information about the attack patterns as well as the source of the attack. In this work, we implement an interactive, proof-of-concept ICS honeypot, which is based on Conpot, that is able to emulate a physical ICS device, by replicating realistic traffic from the real device. As the honeypot runs inside a Virtual Machine, it is possible to emulate the entire organization's ICS infrastructure, a fact that is very important for the security of the modern critical infrastructure. In order to assess the proposed honeypot, a real-life demonstration scenario was designed, which involves a hydro power plant. The honeypot architecture is provided, while the structural components are presented in detail.
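Radoglou-Grammatikis, P; Sarigiannidis, P; Liatifis, T; Apostolakos, T; Oikonomou, S An Overview of the Firewall Systems in the Smart Grid Paradigm Conference An Overview of the Firewall Systems in the Smart Grid Paradigm, University of Western Macedonia Department of Informatics & Telecommunications Engineering, 2019, ISBN: 978-1-5386-7273-0.
@conference{8635747,
  title         = {An Overview of the Firewall Systems in the Smart Grid Paradigm},
  author        = {Radoglou-Grammatikis, P. and Sarigiannidis, P. and Liatifis, T. and Apostolakos, T. and Oikonomou, S.},
  url           = {https://ieeexplore.ieee.org/document/8635747},
  doi           = {10.1109/GIIS.2018.8635747},
  isbn          = {978-1-5386-7273-0},
  year          = {2019},
  date          = {2019-02-07},
  booktitle     = {An Overview of the Firewall Systems in the Smart Grid Paradigm},
  publisher     = {Department of Informatics \& Telecommunications Engineering},
  organization  = {University of Western Macedonia},
  abstract      = {The multiple interconnections and the heterogeneity of the devices and technologies in the Smart Grid (SG) generate possible cyber-physical security vulnerabilities that can be exploited by various cyberattackers. The cyberattacks in SG usually target the availability and the information integrity of the systems. Replay attacks, Denial of Service (DoS), Distributed DoS (DDoS) and botnets are typical examples. Furthermore, the hacking tools have been largely automated, so even a novice can execute destructive cyberattacks. These situations make it necessary to develop efficient firewall systems that can prevent possible cyberattacks. In this paper, we present an overview of the various firewall systems in the SG paradigm and we also provide new research directions in this field.},
  pubstate      = {published},
  tppubtype     = {conference},
  internal-note = {booktitle repeats the paper title and publisher holds a university department name; confirm venue and publisher from the DOI record before citing},
}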
The multiple interconnections and the heterogeneity of the devices and technologies in the Smart Grid (SG) generate possible cyber-physical security vulnerabilities that can be exploited by various cyberattackers. The cyberattacks in SG usually target the availability and the information integrity of the systems. Replay attacks, Denial of Service (DoS), Distributed DoS (DDoS) and botnets are typical examples. Furthermore, the hacking tools have been largely automated, so even a novice can execute destructive cyberattacks. These situations make it necessary to develop efficient firewall systems that can prevent possible cyberattacks. In this paper, we present an overview of the various firewall systems in the SG paradigm and we also provide new research directions in this field.