Hardening Honeypots for Industrial Control Systems
dc.contributor.author | Meier, Joseph | |
dc.contributor.author | Nguyen, Thuy | |
dc.contributor.author | Rowe, Neil | |
dc.date.accessioned | 2022-12-27T19:23:11Z | |
dc.date.available | 2022-12-27T19:23:11Z | |
dc.date.issued | 2023-01-03 | |
dc.description.abstract | Honeypots are computers that collect intelligence about new cyberattacks and malware behavior. To be successful, these decoys must allow attackers to probe a system without compromising data collection. Previously, we developed an industrial control system (ICS) honeypot simulating a small electric-distribution system, but this honeypot was attacked, and its log data was deleted. The current work analyzed the attacks and developed methods to harden the main weaknesses of the public user interface. The hardened honeypot included more robust data collection and logging capabilities, and was deployed in a commercial cloud environment. We observed significant scanning and new attacks, including the well-known BlueKeep exploit and activity related to Russian cyberattacks on Ukraine. Our results showed that the added security controls, monitoring, and logging were more effective in protecting the honeypot’s data and event logs. | |
dc.format.extent | 10 | |
dc.identifier.doi | 10.24251/HICSS.2023.806 | |
dc.identifier.isbn | 978-0-9981331-6-4 | |
dc.identifier.uri | https://hdl.handle.net/10125/103440 | |
dc.language.iso | eng | |
dc.relation.ispartof | Proceedings of the 56th Hawaii International Conference on System Sciences | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | |
dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ | |
dc.subject | Cybersecurity and Software Assurance | |
dc.subject | cybersecurity | |
dc.subject | honeypot | |
dc.subject | industrial control system | |
dc.subject | logging | |
dc.subject | rdp attack | |
dc.title | Hardening Honeypots for Industrial Control Systems | |
dc.type.dcmi | text | |
prism.startingpage | 6665 |