ICSSIM-A Framework for Building Industrial Control Systems Security Simulation Testbeds

TL;DR

ICSSIM is a flexible, low-cost framework for creating realistic virtual industrial control system testbeds using Docker, enabling safe, customizable security research and validation of intrusion detection methods.

Contribution

The paper introduces ICSSIM, a novel framework that simplifies building customizable, high-fidelity ICS security testbeds with realistic network and physical process simulation.

Findings

ICSSIM effectively simulates cyber threats and attacks.

The framework reduces development time for ICS testbeds.

Validation shows realistic attack scenarios can be tested.

Abstract

With the advent of smart industry, Industrial Control Systems (ICS) are increasingly using Cloud, IoT, and other services to meet Industry 4.0 targets. The connectivity inherent in these services exposes such systems to increased cybersecurity risks. To protect ICSs against cyberattacks, intrusion detection systems and intrusion prevention systems empowered by machine learning are used to detect abnormal behavior of the systems. Operational ICSs are not safe environments to research intrusion detection systems due to the possibility of catastrophic risks. Therefore, realistic ICS testbeds enable researchers to analyze and validate their intrusion detection algorithms in a controlled environment. Although various ICS testbeds have been developed, researchers' access to a low-cost, adaptable, and customizable testbed that can accurately simulate industrial control systems and suits security research is still an important issue. In this paper, we present ICSSIM, a framework for building customized virtual ICS security testbeds, in which various types of cyber threats and attacks can be effectively and efficiently investigated. This framework contains base classes to simulate control system components and communications. ICSSIM aims to produce extendable, versatile, reproducible, low-cost, and comprehensive ICS testbeds with realistic details and high fidelity. ICSSIM is built on top of the Docker container technology, which provides realistic network emulation and runs ICS components on isolated private operating system kernels. ICSSIM reduces the time for developing ICS components and offers physical process modelling using software and hardware in the loop simulation. We demonstrated ICSSIM by creating a testbed and validating its functionality by showing how different cyberattacks can be applied.