Improving ICS security through Honeynets and Machine Learning techniques

Improving ICS security through Honeynets and Machine Learning techniques | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Improving ICS security through Honeynets and Machine Learning techniques Obieda Ananbeh This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-1333285/v2 This work is licensed under a CC BY 4.0 License Status: Posted Version 2 posted You are reading this latest preprint version Show more versions Abstract The internet of things(IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) can be seen everywhere, Home applications, Buildings, Cars, Space Industry, Military, Health Care, and in many other fields. On the other hand, they become an easier target for attackers, due to many reasons including the limitation of hardware, so from that point, companies start working to build a secure systems by keep themselves updated about their system threats and vulnerabilities, and also by studying how the attackers can gets into their system, how they act, what is the attack flow, and also the identity of the attackers by trapping and tricking them into believing that they have got access to the actual system or assets . And that’s what it's called a Honeypot. [1] As the technology keeps changing and becomes more powerful, so do the attackers, and for that reason companies should use new techniques to enhance Honeypots efficacy by making it undetectable by cybercriminals, more usable and make use of the information that the honeypots gather in a more efficient way. Moreover, Machine Learning (ML) techniques are able to provide intelligence to IoT, IIoT, and ICS systems and networks, and enhance its ability to deal with various security problems, hence, in this research, we are developing a new solution that improves the architecture of SCADA (An ICS System) by adding CamouflageNet Honeynet into it and ML techniques, in order to defend and acquisition system security performance. Industrial control system Cyber security Honeypot internet of things(IoT) Cyber-Physical Systems (CPS) Machine Learning (ML) Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 2 posted You are reading this latest preprint version Show more versions Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-1333285","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":82421852,"identity":"146bd605-c284-4924-9f26-c7f505649d9d","order_by":0,"name":"Obieda Ananbeh","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA5UlEQVRIiWNgGAWjYLACxgaGBH4GBmaGB2A2gwFxWiQbgFoSSNJicIBYLfzsZw9+Ltxhk2d8vPmxQULNHdkG9uZtEvi0SPbkJUvPPJNWbHbmmHFCwrFnxg08x8rwajE4kGMgzdt2OHHbjQTjAwlshxMbJHLM8Gs5/8b4N2/b/8TNM9I/H0j4B9Qi/4aAlhs5ZkBbDiRukMgxTkhsA9nCg1+L5Iw3Zta8Z5ITZ5w5U2yQ2HfYuI0nrdgCnxZ+/hzj27w77BL729s3S3z4dli2n/3wxhv4tGACNtKUj4JRMApGwSjABgDeNVAkXJumCgAAAABJRU5ErkJggg==","orcid":"","institution":"Oakland University","correspondingAuthor":true,"prefix":"","firstName":"Obieda","middleName":"","lastName":"Ananbeh","suffix":""}],"badges":[],"createdAt":"2022-02-07 02:10:39","currentVersionCode":2,"declarations":{"humanSubjects":false,"vertebrateSubjects":false,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":false},"doi":"10.21203/rs.3.rs-1333285/v2","doiUrl":"https://doi.org/10.21203/rs.3.rs-1333285/v2","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":89170135,"identity":"7ccdbaf8-3183-4407-8a62-021d06087c10","added_by":"auto","created_at":"2025-08-15 18:44:38","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":424977,"visible":true,"origin":"","legend":"","description":"","filename":"ImprovingICSsecuritythroughHoneynetsandMachineLearningtechniquesV4.pdf","url":"https://assets-eu.researchsquare.com/files/rs-1333285/v2_covered_82d1ac82-1450-4f4d-8758-f426555c4538.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eImproving ICS security through Honeynets and Machine Learning techniques\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"Oakland University","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Industrial control system, Cyber security, Honeypot, internet of things(IoT), Cyber-Physical Systems (CPS), Machine Learning (ML)","lastPublishedDoi":"10.21203/rs.3.rs-1333285/v2","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-1333285/v2","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eThe internet of things(IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) can be seen everywhere, Home applications, Buildings, Cars, Space Industry, Military, Health Care, and in many other fields. On the other hand, they become an easier target for attackers, due to many reasons including the limitation of hardware, so from that point, companies start working to build a secure systems by keep themselves updated about their system threats and vulnerabilities, and also by studying how the attackers can gets into their system, how they act, what is the attack flow, and also the identity of the attackers by trapping and tricking them into believing that they have got access to the actual system or assets . And that’s what it's called a Honeypot. [1] As the technology keeps changing and becomes more powerful, so do the attackers, and for that reason companies should use new techniques to enhance Honeypots efficacy by making it undetectable by cybercriminals, more usable and make use of the information that the honeypots gather in a more efficient way. Moreover, Machine Learning (ML) techniques are able to provide intelligence to IoT, IIoT, and ICS systems and networks, and enhance its ability to deal with various security problems, hence, in this research, we are developing a new solution that improves the architecture of SCADA (An ICS System) by adding CamouflageNet Honeynet into it and ML techniques, in order to defend and acquisition system security performance.\u003c/p\u003e","manuscriptTitle":"Improving ICS security through Honeynets and Machine Learning techniques","msid":"","msnumber":"","nonDraftVersions":[{"code":2,"date":"2025-08-15 18:28:31","doi":"10.21203/rs.3.rs-1333285/v2","editorialEvents":[{"type":"communityComments","content":1}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}},{"code":1,"date":"2022-02-08 17:49:59","doi":"10.21203/rs.3.rs-1333285/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"e8568729-fc86-4459-b809-610962be2936","owner":[],"postedDate":"August 15th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2022-02-08T17:49:59+00:00","versionOfRecord":[],"versionCreatedAt":"2025-08-15 18:28:31","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v2","identity":"rs-1333285","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-1333285","identity":"rs-1333285","version":["v2"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}