NI | AI | Oct 28, 2024

A Generative Model Based Honeypot for Industrial OPC UA Communication

arXiv:2410.21574v1 | 4 citations | h-index: 4 | EUROCAST
Originality: Incremental advance
AI Analysis

The paper addresses the problem of cyber-attack detection in industrial OT systems for Industry 4.0. The advance is incremental, as it builds on existing honeypot and generative model concepts.

The paper tackles the challenge of creating realistic honeypots for industrial OPC UA communication in brownfield systems by introducing a generative model-based honeypot that uses an LSTM network to mimic a cyclic industrial process, demonstrating feasibility with stable short-term trajectory generation and efficient operation on constrained hardware.

Industrial Operational Technology (OT) systems are increasingly targeted by cyber-attacks due to their integration with Information Technology (IT) systems in the Industry 4.0 era. Besides intrusion detection systems, honeypots can effectively detect these attacks. However, creating realistic honeypots for brownfield systems is particularly challenging. This paper introduces a generative model-based honeypot designed to mimic industrial OPC UA communication. Utilizing a Long Short-Term Memory (LSTM) network, the honeypot learns the characteristics of a highly dynamic mechatronic system from recorded state space trajectories. Our contributions are twofold: first, we present a proof-of-concept for a honeypot based on generative machine-learning models, and second, we publish a dataset for a cyclic industrial process. The results demonstrate that a generative model-based honeypot can feasibly replicate a cyclic industrial process via OPC UA communication. In the short term, the generative model indicates a stable and plausible trajectory generation, while deviations occur over extended periods. The proposed honeypot implementation operates efficiently on constrained hardware, requiring low computational resources. Future work will focus on improving model accuracy, interaction capabilities, and extending the dataset for broader applications.

Code Implementations: 1 repo