HENDRICS: A Hardware-in-the-Loop Testbed for Enhanced Intrusion Detection, Response and Recovery of Industrial Control Systems
摘要
Industrial Control Systems (ICS) automate processes across critical sectors like manufacturing, transport, and energy. The integration of Information Technology (IT) into historically isolated Operational Technology (OT) systems enhances efficiency but introduces vulnerabilities, particularly to cyberattacks such as those perpetrated by Advanced Persistent Threats. Intrusion detection systems, whether network-based (NIDS) or host-based (HIDS), are pivotal in safeguarding ICS, yet HIDS development faces challenges due to the closed-source nature of OT devices. To address these limitations, we present HENDRICS, an open-source testbed simulating a hydroelectric plant process. This platform embeds an open Programmable Logic Controller and an open Industrial IoT gateway in a Hardware-in-the-Loop (HitL) setup, enabling the research in the fields of intrusion detection, response, and recovery mechanisms, alongside being a realistic and affordable teaching platform. HENDRICS also provides 14 publicly available and documented attacks covering all Tactics and more than 67% of the Techniques from the MITRE ATT&CK for ICS matrix for the considered assets, encouraging reproducibility for advancing research and education. A comparative evaluation and future improvements are discussed.