Industrial Operational Technology (OT) systems are increasingly targeted by cyber-attacks due to their integration with Information Technology (IT) systems in the Industry 4.0 era. Besides intrusion detection systems, honeypots can effectively detect these attacks. However, creating realistic honeypots for brownfield systems is particularly challenging. This paper introduces a generative model-based honeypot designed to mimic industrial OPC UA communication. Utilizing a Long Short-Term Memory (LSTM) network, the honeypot learns the characteristics of a highly dynamic mechatronic system from recorded state space trajectories. Our contributions are twofold: first, we present a proof of concept for a honeypot based on generative machine-learning models, and second, we publish a dataset for a cyclic industrial process. The results demonstrate that a generative model-based honeypot can feasibly replicate a cyclic industrial process via OPC UA communication. In the short term, the generative model indicates a stable and plausible trajectory generation, while deviations occur over extended periods. The proposed honeypot implementation operates efficiently on constrained hardware, requiring low computational resources. Future work will focus on improving model accuracy, interaction capabilities, and extending the dataset for broader applications.