Investigating Threats to ICS and SCADA Systems Via Honeypot Data Analysis and SIEM
Tameem ud Din, Usman Zia, Mahnoor, Laiq Hasan, Syed M. Ali Uddin Hafee
Additional contact information 
Tameem ud Din, Usman Zia, Mahnoor, Laiq Hasan, Syed M. Ali Uddin Hafee: University of Engineering and Technology, Peshawar, Pakistan; NED University of Engineering and Technology, Karachi, Pakistan
International Journal of Innovations in Science & Technology, 2024, vol. 6, issue 5, 189-197
Abstract:
Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) are crucial for managing essential infrastructure, but their exposure to the internet has made them vulnerable to cyber threats, which can lead to significant consequences. This study presents an innovative approach to investigating cyber threats to SCADA and ICS systems by combining open-source honeypot deployment, log analysis, and integration with open-source SIEM solutions to enhance threat detection capabilities and incident response. A Conpot honeypot was deployed in a containerized environment on a cloud platform and exposed to the internet to collect real-world threat data, which was then analyzed by the Wazuh SIEM solution and integrated with TheHive for security orchestration and automated response. The analysis of the honeypot logs and SIEM alerts revealed various types of attacks, including brute force login attempts, reconnaissance and vulnerability scanning, and unauthorized access attempts, originating from multiple countries and targeting different industrial protocols. The integration with TheHive enabled the creation of playbooks for automating response actions, such as blocking malicious IP addresses or isolating infected systems. The study demonstrates the effectiveness of this combined approach using open-source tools in protecting critical infrastructure and enhancing cybersecurity posture for SCADA and ICS systems.
Keywords: ICS; SCADA; OT; Honeypot; Critical Infrastructure Protection
Date: 2024
Downloads:
https://journal.50sea.com/index.php/IJIST/article/view/785/1372 (application/pdf)
https://journal.50sea.com/index.php/IJIST/article/view/785 (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:abq:ijist1:v:6:y:2024:i:5:p:189-197
International Journal of Innovations in Science & Technology is currently edited by Prof. Dr. Syed Amer Mahmood
Bibliographic data for series maintained by Iqra Nazeer.