Hardening Honeypots for Industrial Control Systems

dc.contributor.author Meier, Joseph
dc.contributor.author Nguyen, Thuy
dc.contributor.author Rowe, Neil
dc.date.accessioned 2022-12-27T19:23:11Z
dc.date.available 2022-12-27T19:23:11Z
dc.date.issued 2023-01-03
dc.description.abstract Honeypots are computers that collect intelligence about new cyberattacks and malware behavior. To be successful, these decoys must allow attackers to probe a system without compromising data collection. Previously, we developed an industrial control system (ICS) honeypot simulating a small electric-distribution system, but this honeypot was attacked, and its log data was deleted. The current work analyzed the attacks and developed methods to harden the main weaknesses of the public user interface. The hardened honeypot included more robust data collection and logging capabilities, and was deployed in a commercial cloud environment. We observed significant scanning and new attacks, including the well-known BlueKeep exploit and activity related to Russian cyberattacks on Ukraine. Our results showed that the added security controls, monitoring, and logging were more effective in protecting the honeypot’s data and event logs.
dc.format.extent 10
dc.identifier.doi 10.24251/HICSS.2023.806
dc.identifier.isbn 978-0-9981331-6-4
dc.identifier.uri https://hdl.handle.net/10125/103440
dc.language.iso eng
dc.relation.ispartof Proceedings of the 56th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Cybersecurity and Software Assurance
dc.subject cybersecurity
dc.subject honeypot
dc.subject industrial control system
dc.subject logging
dc.subject rdp attack
dc.title Hardening Honeypots for Industrial Control Systems
dc.type.dcmi text
prism.startingpage 6665