MimePot: a Model-based Honeypot for Industrial Control Networks

Complex and heterogeneous systems characterize the Industry 4.0. Due to the Information Technology (IT) convergence towards the Operational Technology (OT), the development of innovative cyber-physical security tools represents a milestone for the Industrial Control Systems (ICSs) protection. In this context, honeypots are systems used as decoys to detect and analyze malicious actions. However, industrial networks require specific honeypot development capabilities.In this work, we present MimePot, a cyber-physical honeypot conceived for industrial control networks. Compared to classic honeypots, MimePot offers a model-based approach: it is able to simulate physical processes to lure skilled attackers targeting industrial plants. Moreover, MimePot uses the Software Defined Networking (SDN) technology to provide a consistent future proof security approach. We demonstrate the usefulness of MimePot performing data integrity attacks against a water distribution system in a simulated environment.