Industrial Control Systems (ICS) automate processes across critical sectors like manufacturing, transport, and energy. The integration of Information Technology (IT) into historically isolated Operational Technology (OT) systems enhances efficiency but introduces vulnerabilities, particularly to cyberattacks such as those perpetrated by Advanced Persistent Threats. Intrusion detection systems, whether network-based (NIDS) or host-based (HIDS), are pivotal in safeguarding ICS, yet HIDS development faces challenges due to the closed-source nature of OT devices. To address these limitations, we present HENDRICS, an open-source testbed simulating a hydroelectric plant process. This platform embeds an open Programmable Logic Controller and an open Industrial IoT gateway in a Hardware-in-the-Loop (HitL) setup, enabling the research in the fields of intrusion detection, response, and recovery mechanisms, alongside being a realistic and affordable teaching platform. HENDRICS also provides 14 publicly available and documented attacks covering all Tactics and more than 67% of the Techniques from the MITRE ATT&CK for ICS matrix for the considered assets, encouraging reproducibility for advancing research and education. A comparative evaluation and future improvements are discussed.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

HENDRICS: A Hardware-in-the-Loop Testbed for Enhanced Intrusion Detection, Response and Recovery of Industrial Control Systems

  • Lalie Arnoud,
  • Zoë Lagache,
  • Pierre-Henri Thevenon,
  • Aloïs Champenois,
  • Victor Breux,
  • Maxime Puys,
  • Eric Gaussier,
  • Oum-El-Kheir Aktouf

摘要

Industrial Control Systems (ICS) automate processes across critical sectors like manufacturing, transport, and energy. The integration of Information Technology (IT) into historically isolated Operational Technology (OT) systems enhances efficiency but introduces vulnerabilities, particularly to cyberattacks such as those perpetrated by Advanced Persistent Threats. Intrusion detection systems, whether network-based (NIDS) or host-based (HIDS), are pivotal in safeguarding ICS, yet HIDS development faces challenges due to the closed-source nature of OT devices. To address these limitations, we present HENDRICS, an open-source testbed simulating a hydroelectric plant process. This platform embeds an open Programmable Logic Controller and an open Industrial IoT gateway in a Hardware-in-the-Loop (HitL) setup, enabling the research in the fields of intrusion detection, response, and recovery mechanisms, alongside being a realistic and affordable teaching platform. HENDRICS also provides 14 publicly available and documented attacks covering all Tactics and more than 67% of the Techniques from the MITRE ATT&CK for ICS matrix for the considered assets, encouraging reproducibility for advancing research and education. A comparative evaluation and future improvements are discussed.