AI-based cyber threat detection and honeypots

  • Industrial control systems (ICS), cyber-physical systems (CPS), and Internet of Things (IoT) systems that operate and maintain critical infrastructure, such as water treatment, power, and transportation systems, are increasingly becoming targets of cyberattacks.
  • These environments present distinct cybersecurity challenges, including increased digitization, many access points, and legacy software and hardware.
  • Honeypots are digital decoys designed to lure, deceive, and engage cyberattackers, with the aim of profiling attackers, collecting data, and gathering information on attack tactics. This invention focuses on developing next-gen honeypots designed to enhance cybersecurity for ICS, CPS, and IoT.

TECHNOLOGY

  • The team has developed an algorithm that effectively integrates cyber-layer emulation and physical-process simulation to enable prolonged study of attackers as they probe the system (switching between injecting attack signals and observing their impact), search for vulnerabilities, and refine their attack tactics and strategies.
  • The next-generation honeypot technology is specifically designed to address the unique cybersecurity needs of ICS, CPS, and IoT environments. It incorporates advanced attacker interaction mechanisms and simulates both digital and physical dynamics of these systems, creating a highly deceptive and immersive experience for attackers.

BENEFITS

  • The unmet need in the industrial cybersecurity market lies in the lack of proactive security tools that go beyond simply detecting attacks. Traditional security solutions are largely reactive, focusing on identifying threats as or after they occur rather than providing insights into the attackers' behavior and techniques—insights that are crucial for understanding and defending against sophisticated and emerging threats. This invention addresses the gap by actively engaging attackers and drawing out more information about their tactics, providing organizations with the intelligence they need to better defend their systems. 
  • Most research and implementations of ICS honeypots involve low-interaction honeypots, which simulate limited services and focus only on cyber-layer emulation. The few honeypot implementations that do incorporate physical process simulation often use simplistic physics simulations that do not enable prolonged or sophisticated interaction. Some use ad hoc approaches in an attempt to portray system integrity, but these methods are often easily discernible by sophisticated cyberattackers, potentially exposing the presence of the honeypot.
  • Key Features:
    • Attacker Engagement Module: Ensures resilience and adaptability during interactions with threat actors, prolonging engagement and gathering valuable intelligence.
    • Resilience: Enables the honeypot to withstand sustained probing and malicious actions, maintaining its integrity and covertness to persuade attackers to extend their interaction.
    • Adaptability: Allows the system to modify its behavior in real time, adjusting to attackers' actions and creating new scenarios to extract more insights.
    • Controlled Environment for Cybersecurity Teams: Provides a safe environment to test potential defenses and observe attackers' reactions, enabling a proactive approach to cybersecurity.

APPLICATIONS

  • The industrial cybersecurity market is on a significant growth trajectory, driven by increasing threats from nation-state actors, cybercriminals, and insiders. According to market research, the global ICS security market is projected to grow from $17.8 billion in 2023 to $25.1 billion by 2028 (Markets&Markets), reflecting accelerated growth that underscores the critical need for advanced security solutions. The expansion of the market is fueled by the growing use of IoT devices, the increasing integration of OT with IT systems, and the tightening of regulatory requirements aimed at securing critical infrastructure. 
  • The global cybersecurity honeypot market itself is expected to grow at a compound annual growth rate (CAGR) of 13.0% from 2024 to 2030 (Verified Market Reports), driven by the rising frequency of cyberattacks and growing awareness of the need to protect critical infrastructure.

STATUS

  • Provisional patent application filed August 2024.
  • Team is forming a startup to commercialize the technology. 
  • Initial conversations with major industrial suppliers and provincial utilities.
  • Seeking industrial partnerships for piloting and licensing.

VPRI Contact

Donna Shukaris

Innovations & Entrepreneurship Manager
Innovations & Partnerships Office (IPO)
(416) 946-7247