AMINet: An Industrial Honeynet for AMI Systems.

2023 IEEE International Conference on Big Data (BigData) (2023)

Abstract
Advanced Metering Infrastructure (AMI) systems constitute a vital part of the interconnection of the electrical grid towards enabling the smart grid area. They enable real-time exchange of electrical measurements through a utility platform, in order to activate billing and load demand forecasting processes. However, the cyber-attack surface of such systems has increased in recent years. The attacks are becoming highly sophisticated and cannot be detected by the existing cyber-security mechanisms. To cope with this challenge, these mechanisms should start incorporating knowledge about adversarial Tactics, Techniques and Procedures (TTPs). To achieve this, deception tools are used to lure adversaries by introducing an environment that resembles the actual system. In this paper we propose AMINet, which builds on a composition of well-known deception tools as honeypots to form a honeynet for AMI systems. Specifically, this work focuses on AMINet's first architectural design, with an emphasis on its capability to emulate the behavior and interactions between smart meters and the utility platform using the DLMS/COSEM protocol. Furthermore, AMINet is deployed in a production-level AMI infrastructure and compared against the actual AMI system that is available on the utility business side. The comparison results demonstrate a similar behavior, which is validated through initial tests on functional and non-functional requirements. Additionally, the existing small set of static attacks running in the infrastructure is enriched by more sophisticated attacks, and AMINet aids the development of dedicated detection tools by logging the adversarial interactions.
Keywords
Advanced Metering Infrastructure, Activation Of System, Power Grid, Electrical Measurements, Smart Grid, Smart Meters, Non-functional Requirements, Set Of Attacks, Data Exchange, Communication Protocol, Release In Response, Denial Of Service, Potential Attacks, Energy Meter, Game Model, Service Requests, Industrial Internet Of Things, Intrusion Detection System, Solid-state Drives, False Data Injection, Distributed Denial Of Service, Separate Libraries, JavaScript Object Notation, File Transfer Protocol