Please use this identifier to cite or link to this item:

Creating Convincing Industrial-Control-System Honeypots

File Size Format  
0183.pdf 347.12 kB Adobe PDF View/Open

Item Summary

Title:Creating Convincing Industrial-Control-System Honeypots
Authors:Rowe, Neil
Nguyen, Thuy
Kendrick, Marian
Rucker, Zaky
Hyun, Dahae
show 1 moreBrown, Justin
show less
Keywords:Cyber Deception for Defense
industrial control systems
show 1 morenetwork monitoring
show less
Date Issued:07 Jan 2020
Abstract:Cyberattacks on industrial control systems (ICSs) can be especially damaging since they often target critical infrastructure. Honeypots are valuable network-defense tools, but they are difficult to implement for ICSs because they must then simulate more than familiar protocols. This research compared the performance of the Conpot and GridPot honeypot tools for simulating nodes on an electric grid for live (not recorded) traffic. We evaluated the success of their deceptions by observing their activity types and by scanning them. GridPot received a higher rate of traffic than Conpot, and many visitors to both were deceived as to whether they were dealing with a honeypot. We also tested Shodan’s Honeyscore for finding honeypots, and found it was fooled by our honeypots as well as others when, like most users, it did not take site history into account. This is good news for collecting useful attack intelligence with ICS honeypots.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Cyber Deception for Defense

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons