Applied Security through Cyber Innovation and Implementation
Recent Submissions
A Resilient Dual-Purpose Web Honeypot for Analyzing Attacks on Industrial Control Systems (2025-01-07)
Sill, Andrew; Nguyen, Thuy; Rowe, Neil
Protection of industrial control systems (ICS) is a critical security task since failure can lead to large-scale damage. Exposing these systems to the Internet makes them more manageable but also more vulnerable to costly attacks. Honeypots are deceptive systems deployed to gather intelligence on cyberattacks and can help defend Internet-connected ICSs. We developed a resilient server that functions both as a Web honeypot and as the front end for an ICS honeypot simulating a residential electrical microgrid. Our server underwent third-party penetration testing and ran without any identified compromise on a commercial cloud machine. We observed significant scanning, and some HTTP-based attack attempts, including the Mirai botnet malware. Our results showed that the dual-purpose Web honeypot improved data collection and protection of the Internet-exposed user interface of the ICS honeypot.

Analyzing Changes in the Self-similarity of Industrial Control System Network Traffic Caused by Bursty Sources (2025-01-07)
Martin, Bryan; Mccurdy, William; Bollmann, Chad
It is well documented that bursty sources on a network, such as those derived from human-type communications (HTC), result in the traffic exhibiting self-similar behavior. However, limited research has been conducted into the self-similarity of networks consisting of machine-type communications (MTC), such as the Internet of Things (IoT) or industrial control system (ICS) devices. Furthermore, it has not been shown how MTC traffic patterns change when aggregated with bursty, human traffic. This research uses publicly available ICS datasets to investigate the effects of adding bursty traffic to MTC networks as characterized by the self-similarity of the traffic. As MTC networks exhibit a lower degree of self-similarity when compared to networks containing HTC, we demonstrate that even a small percentage of bursty traffic introduced to the MTC network will cause an increase in self-similarity. We present these findings as a foundation for utilizing changes in self-similarity, as measured by the Hurst parameter, for anomaly detection of human activity in traditionally non-bursty networks.

Introduction to the Minitrack on Applied Security Through Cyber Innovation and Implementation (2025-01-07)
Tsamis, Nick; Bollmann, Chad; Hale, Britta; Scrofani, James