An Integrated Security Framework for OT System Based on Edge Computing

Abstract

The emergence of edge computing helps to address issues such as transmission latency, bandwidth, and privacy. Operational Technology (OT) systems require high costs to maintain the continuous operation of devices and generate large amounts of data. Combined with edge computing, the operational efficiency and data processing capability of OT systems can be improved. However, edge computing can also pose significant risks to OT systems. Many attackers are beginning to target OT systems, and attacks against industrial control systems have been growing these years. This paper focuses on protocol security, anomaly intrusion detection, and honeypot defense in industrial control systems (ICS). We propose an OTEC security framework that combines OT systems and edge computing to address these issues. The framework consists of three main vital functions: protocol improvement (enhancing the security of Modbus protocol), intrusion detection (detecting anomalous data from the system), and proactive defense (deploying honeypots). We verified the effectiveness of OTEC through simulation experiments. The results show that our framework enhances the Modbus protocol’s security and guarantees the protocol’s availability, integrity, and confidentiality. The intrusion detection module uses deep learning algorithms and can reach 94% detection accuracy. The honeynet we deployed recorded the attack behaviour of attackers from different regions, which can provide good training data for the intrusion detection module.