Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet

Karim Chehab; Walid Aljoby; Bennet Ng; Muhammad M. Roomi; Ertem Esiner; Daisuke Mashima

doi:10.1109/SmartGridComm65349.2025.11204583

Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet

Karim Chehab^*
, Walid Aljoby
, Bennet Ng
, Muhammad M. Roomi
, Ertem Esiner
, Daisuke Mashima

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Honeypots are valuable tools for collecting real-world attack data and threat intelligence, and a network of honeypots, also called honeynet, further allows us to observe attackers' behavior after their penetration into the infrastructure. Yet, designing and implementing high-fidelity honeynets for smart grid systems remains challenging. Besides the scarcity of available implementations, most of the honeypots available for smart grid offer imitation of a single device (e.g., PLC), and the setup of such devices in a desired topology requires a significant amount of manual configuration efforts. To address the challenge, this paper presents the first-of-its-kind framework for automated instantiation of operational smart-grid honeynets based on user-provided configurations, by extending the automated cyber range generation toolchains, called SG-ML. The developed framework not only facilitates the development of high-fidelity smart grid honeynets but also operation of such honeypot, such as re-configuration and restoration. Our framework integrates and orchestrates configuration of multiple open-source tools, such as Honeyd and HoneyPLC, according to user preferences, for deception. Moreover, multiple communication protocols, Modbus, OPC UA, Siemens S7comm, in addition to IEC 61850, are supported for flexibility. We also tackle a challenge on systematic evaluation of smart grid honeynets. In this direction, in addition to conducting qualitative assessment based on the established taxonomy of fingerprinting tactics, we further develop a toolchain on MITRE Caldera platform for evaluating the deception and logging capabilities of smart grid honeypots/honeynets. The honeynet generation framework and evaluation toolchain will be open-sourced for smart grid R&D community.

Original language	English
Title of host publication	2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9798331520847
DOIs	https://doi.org/10.1109/SmartGridComm65349.2025.11204583
State	Published - 2025
Event	2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - North York, Canada Duration: 29 Sep 2025 → 2 Oct 2025

Publication series

Name	2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings

Conference

Conference	2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025
Country/Territory	Canada
City	North York
Period	29/09/25 → 2/10/25

Bibliographical note

Publisher Copyright:
© 2025 IEEE.

Keywords

automation
cybersecurity
deception
honeypots
Smart grid

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Computer Science Applications
Energy Engineering and Power Technology
Safety, Risk, Reliability and Quality
Control and Optimization

Access to Document

10.1109/SmartGridComm65349.2025.11204583

Cite this

Chehab, K., Aljoby, W., Ng, B., Roomi, M. M., Esiner, E., & Mashima, D. (2025). Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet. In 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings (2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SmartGridComm65349.2025.11204583

Chehab, Karim ; Aljoby, Walid ; Ng, Bennet et al. / Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet. 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings).

@inproceedings{6452e4ee070e4810b6d0aeef7cec6570,

title = "Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet",

abstract = "Honeypots are valuable tools for collecting real-world attack data and threat intelligence, and a network of honeypots, also called honeynet, further allows us to observe attackers' behavior after their penetration into the infrastructure. Yet, designing and implementing high-fidelity honeynets for smart grid systems remains challenging. Besides the scarcity of available implementations, most of the honeypots available for smart grid offer imitation of a single device (e.g., PLC), and the setup of such devices in a desired topology requires a significant amount of manual configuration efforts. To address the challenge, this paper presents the first-of-its-kind framework for automated instantiation of operational smart-grid honeynets based on user-provided configurations, by extending the automated cyber range generation toolchains, called SG-ML. The developed framework not only facilitates the development of high-fidelity smart grid honeynets but also operation of such honeypot, such as re-configuration and restoration. Our framework integrates and orchestrates configuration of multiple open-source tools, such as Honeyd and HoneyPLC, according to user preferences, for deception. Moreover, multiple communication protocols, Modbus, OPC UA, Siemens S7comm, in addition to IEC 61850, are supported for flexibility. We also tackle a challenge on systematic evaluation of smart grid honeynets. In this direction, in addition to conducting qualitative assessment based on the established taxonomy of fingerprinting tactics, we further develop a toolchain on MITRE Caldera platform for evaluating the deception and logging capabilities of smart grid honeypots/honeynets. The honeynet generation framework and evaluation toolchain will be open-sourced for smart grid R\&D community.",

keywords = "automation, cybersecurity, deception, honeypots, Smart grid",

author = "Karim Chehab and Walid Aljoby and Bennet Ng and Roomi, \{Muhammad M.\} and Ertem Esiner and Daisuke Mashima",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 ; Conference date: 29-09-2025 Through 02-10-2025",

year = "2025",

doi = "10.1109/SmartGridComm65349.2025.11204583",

language = "English",

series = "2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings",

address = "United States",

}

Chehab, K, Aljoby, W, Ng, B, Roomi, MM, Esiner, E & Mashima, D 2025, Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet. in 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings. 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings, Institute of Electrical and Electronics Engineers Inc., 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025, North York, Canada, 29/09/25. https://doi.org/10.1109/SmartGridComm65349.2025.11204583

Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet. / Chehab, Karim; Aljoby, Walid; Ng, Bennet et al.
2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2025. (2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet

AU - Chehab, Karim

AU - Aljoby, Walid

AU - Ng, Bennet

AU - Roomi, Muhammad M.

AU - Esiner, Ertem

AU - Mashima, Daisuke

PY - 2025

Y1 - 2025

N2 - Honeypots are valuable tools for collecting real-world attack data and threat intelligence, and a network of honeypots, also called honeynet, further allows us to observe attackers' behavior after their penetration into the infrastructure. Yet, designing and implementing high-fidelity honeynets for smart grid systems remains challenging. Besides the scarcity of available implementations, most of the honeypots available for smart grid offer imitation of a single device (e.g., PLC), and the setup of such devices in a desired topology requires a significant amount of manual configuration efforts. To address the challenge, this paper presents the first-of-its-kind framework for automated instantiation of operational smart-grid honeynets based on user-provided configurations, by extending the automated cyber range generation toolchains, called SG-ML. The developed framework not only facilitates the development of high-fidelity smart grid honeynets but also operation of such honeypot, such as re-configuration and restoration. Our framework integrates and orchestrates configuration of multiple open-source tools, such as Honeyd and HoneyPLC, according to user preferences, for deception. Moreover, multiple communication protocols, Modbus, OPC UA, Siemens S7comm, in addition to IEC 61850, are supported for flexibility. We also tackle a challenge on systematic evaluation of smart grid honeynets. In this direction, in addition to conducting qualitative assessment based on the established taxonomy of fingerprinting tactics, we further develop a toolchain on MITRE Caldera platform for evaluating the deception and logging capabilities of smart grid honeypots/honeynets. The honeynet generation framework and evaluation toolchain will be open-sourced for smart grid R&D community.

AB - Honeypots are valuable tools for collecting real-world attack data and threat intelligence, and a network of honeypots, also called honeynet, further allows us to observe attackers' behavior after their penetration into the infrastructure. Yet, designing and implementing high-fidelity honeynets for smart grid systems remains challenging. Besides the scarcity of available implementations, most of the honeypots available for smart grid offer imitation of a single device (e.g., PLC), and the setup of such devices in a desired topology requires a significant amount of manual configuration efforts. To address the challenge, this paper presents the first-of-its-kind framework for automated instantiation of operational smart-grid honeynets based on user-provided configurations, by extending the automated cyber range generation toolchains, called SG-ML. The developed framework not only facilitates the development of high-fidelity smart grid honeynets but also operation of such honeypot, such as re-configuration and restoration. Our framework integrates and orchestrates configuration of multiple open-source tools, such as Honeyd and HoneyPLC, according to user preferences, for deception. Moreover, multiple communication protocols, Modbus, OPC UA, Siemens S7comm, in addition to IEC 61850, are supported for flexibility. We also tackle a challenge on systematic evaluation of smart grid honeynets. In this direction, in addition to conducting qualitative assessment based on the established taxonomy of fingerprinting tactics, we further develop a toolchain on MITRE Caldera platform for evaluating the deception and logging capabilities of smart grid honeypots/honeynets. The honeynet generation framework and evaluation toolchain will be open-sourced for smart grid R&D community.

KW - automation

KW - cybersecurity

KW - deception

KW - honeypots

KW - Smart grid

UR - https://www.scopus.com/pages/publications/105022137921

U2 - 10.1109/SmartGridComm65349.2025.11204583

DO - 10.1109/SmartGridComm65349.2025.11204583

M3 - Conference contribution

AN - SCOPUS:105022137921

T3 - 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings

BT - 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025

Y2 - 29 September 2025 through 2 October 2025

ER -

Chehab K, Aljoby W, Ng B, Roomi MM, Esiner E, Mashima D. Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet. In 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2025. (2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, SmartGridComm 2025 - Proceedings). doi: 10.1109/SmartGridComm65349.2025.11204583

Automated Generation of Configurable, High-Fidelity, Smart Grid Honeynet

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this