Generating honeypot traffic for industrial control systems - Critical Infrastructure Protection XI Access content directly
Conference Papers Year : 2017

Generating honeypot traffic for industrial control systems

Abstract

Defending critical infrastructure assets is an important, but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and, in some cases, convince attackers to reveal their attack strategies. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used in the critical infrastructure. However, most of these honeypots are static systems that wait for would-be attackers. To be effective, honeypot decoys need to be as realistic as possible. This chapter introduces a proof-of-concept honeypot network traffic generator that mimics a genuine control system in operation. Experiments conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations indicate that the proposed traffic generator supports honeypot integration, traffic matching and routing in a decoy building automation network.
Fichier principal
Vignette du fichier
460140_1_En_11_Chapter.pdf (3.58 Mo) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01819143 , version 1 (20-06-2018)

Licence

Identifiers

Cite

Htein Lin, Stephen Dunlap, Mason Rice, Barry Mullins. Generating honeypot traffic for industrial control systems. 11th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2017, Arlington, VA, United States. pp.193-223, ⟨10.1007/978-3-319-70395-4_11⟩. ⟨hal-01819143⟩
133 View
497 Download

Altmetric

Share

Gmail Mastodon Facebook X LinkedIn More