Industrial Control System (ICS) honeypots suffer from low physical process fidelity—particularly due to inaccurate modeling of sensor noise and external disturbances—making them vulnerable to attacker identification and undermining their defensive utility. To address this, we propose the first fidelity assessment framework for physical processes based on noise distribution similarity, requiring only real-world time-series data to quantitatively measure how closely simulated dynamics approximate actual system behavior. We further introduce a novel, model-agnostic noise fidelity ranking method that eliminates reliance on prior mathematical models or simplifying assumptions. Our approach integrates random forest–based noise estimation, autoencoder-driven generative modeling, and statistical distance metrics. End-to-end evaluation on the EPIC real-world power grid dataset achieves 1.0 recall in identifying authentic samples, validates Gaussian and Gaussian mixture distributions combined with autoencoders as optimal noise modeling strategies, and significantly enhances honeypot evasiveness against detection.

Industrial Control Systems (ICS) manage critical infrastructures like power grids and water treatment plants. Cyberattacks on ICSs can disrupt operations, causing severe economic, environmental, and safety issues. For example, undetected pollution in a water plant can put the lives of thousands at stake. ICS researchers have increasingly turned to honeypots -- decoy systems designed to attract attackers, study their behaviors, and eventually improve defensive mechanisms. However, existing ICS honeypots struggle to replicate the ICS physical process, making them susceptible to detection. Accurately simulating the noise in ICS physical processes is challenging because different factors produce it, including sensor imperfections and external interferences. In this paper, we propose SimProcess, a novel framework to rank the fidelity of ICS simulations by evaluating how closely they resemble real-world and noisy physical processes. It measures the simulation distance from a target system by estimating the noise distribution with machine learning models like Random Forest. Unlike existing solutions that require detailed mathematical models or are limited to simple systems, SimProcess operates with only a timeseries of measurements from the real system, making it applicable to a broader range of complex dynamic systems. We demonstrate the framework's effectiveness through a case study using real-world power grid data from the EPIC testbed. We compare the performance of various simulation methods, including static and generative noise techniques. Our model correctly classifies real samples with a recall of up to 1.0. It also identifies Gaussian and Gaussian Mixture as the best distribution to simulate our power systems, together with a generative solution provided by an autoencoder, thereby helping developers to improve honeypot fidelity. Additionally, we make our code publicly available.