DEPLOYING AN ICS HONEYPOT IN A CLOUD COMPUTING ENVIRONMENT AND COMPARATIVELY ANALYZING RESULTS AGAINST PHYSICAL NETWORK DEPLOYMENT
Loading...
Authors
Bieker, Matthew C.
Pilkington, Darry
Subjects
industrial control systems
cloud computing
honeypot
cloud computing
honeypot
Advisors
Rowe, Neil C.
Nguyen, Thuy D.
Date of Issue
2020-12
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Industrial control systems (ICSs) provide important services in national critical infrastructure but are increasingly the subject of cyberattacks. The need for ease of maintenance and operational convenience encourages using cloud services, increasing their security vulnerabilities, and knowing what threats to expect that would help in defending cloud-based ICSs. This thesis tested an ICS honeypot (decoy system) called GridPot that was deployed in a third-party cloud environment and simulated a microgrid distribution system. We compared data from a GridPot instance deployed on an in-house server with three cloud-deployed GridPot instances with varying configurations. Overall results showed that the cloud-deployed GridPots had comparable traffic to the non-cloud GridPot, but it yielded less ICS-specific traffic, though what occurred appeared more deliberate. Nearly all attacks on the cloud-deployed GridPots showed little sophistication about ICS protocols. Our results further confirmed that cloud-based honeypot owners must maintain awareness of cloud service providers that recycle IP addresses to avoid exploits on previously used IP addresses. We conclude that ICS honeypots in the cloud are an effective tool for collecting cyberattack intelligence, and they do not appear to discourage attacks by being in the cloud.
Type
Thesis
Description
Series/Report No
Department
Information Sciences (IS)
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funding
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.