With the advent of smart industry, Industrial Control Systems (ICS) are increasingly using Cloud, IoT, and other services to meet Industry 4.0 targets. The connectivity inherent in these services exposes such systems to increased cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection systems and intrusion prevention systems empowered by machine learning are used to detect abnormal behavior of the systems. Operational ICSs are not safe environments to research intrusion detection systems due to the possibility of catastrophic risks. Therefore, realistic ICS testbeds enable researchers to analyze and validate their intrusion detection algorithms in a controlled environment. Although various ICS testbeds have been developed, researchers' access to a low-cost, adaptable, and customizable testbed that can accurately simulate industrial control systems and suits security research is still an important issue. In this paper, we present ICSSIM, a framework for building customized virtual ICS security testbeds, in which various types of cyber threats and attacks can be effectively and efficiently investigated. This framework contains base classes to simulate control system components and communications. ICSSIM aims to produce extendable, versatile, reproducible, low-cost, and comprehensive ICS testbeds with realistic details and high fidelity. ICSSIM is built on top of the Docker container technology, which provides realistic network emulation and runs ICS components on isolated private operating system kernels. ICSSIM reduces the time for developing ICS components and offers physical process modelling using software and hardware in the loop simulation. We demonstrated ICSSIM by creating a testbed and validating its functionality by showing how different cyberattacks can be applied.