Honeyfarm: AI-based Honeypots for Industrial OPC UA Communication via an On-Demand Deployment Architecture
Published in SecIndustry Workshop at Availability, Reliability and Security Conference (ARES) 2026, 2026
Recommended citation: Olaf Saßnick, Florian Entleitner, Dalibor Sain, Thomas Rosenstatter, Andreas Unterweger, Simon Hoher and Stefan Huber. "Honeyfarm: AI-based Honeypots for Industrial OPC UA Communication via an On-Demand Deployment Architecture," in SecIndustry Workshop at Availability, Reliability and Security (ARES) 2026, August 2026, accepted.
The proposed system isolates attackers from production systems by dynamically redirecting malicious traffic to a honeypot instance, that continues from the production system state. This redirection allows continued observation without alerting the attacker while protecting the industrial system. At the core of the architecture is a generative AI model that learns ICPS behaviour from OPC UA communication data. In contrast, existing approaches typically require a manually parametrised simulation model. Our proposed approach enables automated creation of medium-interaction honeypot functionality with minimal manual effort.
Download the accepted paper here.