Containerized Testbed Architecture for Cybersecurity Data Collection on Malicious Activities in Industrial Water Systems

Authors

DOI:

https://doi.org/10.5753/jbcs.2025.5358

Keywords:

Industrial Control Systems, Industrial Water Systems, Cybersecurity, Containerization

Abstract

Detecting malicious activities in Information Technology (IT) is a critical component of cybersecurity and is essential for identifying threats and attacks on systems, networks, and resources. However, the security of industrial control systems, an area of increasing concern due to the convergence of IT with Operational Technology (OT), requires new approaches. This work proposes a novel containerized testbed architecture for industrial water systems, implemented using open-source technologies and structured according to the Purdue reference model, which is widely used in industrial control and automation systems. The architecture aims to provide a secure and efficient environment. The experiments demonstrate that the proposed architecture enables the simulation of the behavior of computational devices in water systems under different scenarios, allowing data to be collected for the detection of malicious activities, such as denial-of-service attacks and command injection. The results highlight the architecture's relevance to advancing research and development efforts aimed at enhancing the security of critical water infrastructure.

Published

2025-08-08

How to Cite

Jorge, C. H., Nacamura Jr, L., & Vendramin, A. C. B. K. (2025). Containerized Testbed Architecture for Cybersecurity Data Collection on Malicious Activities in Industrial Water Systems. Journal of the Brazilian Computer Society, 31(1), 613–628. https://doi.org/10.5753/jbcs.2025.5358

Issue

Section

Articles