Collecting cyberattack data for industrial control systems using honeypots
Rowe, Neil C.
Nguyen, Thuy D.
Operational technology, information technology for industrial control systems, has advanced more slowly in security than other kinds of information technology. To aid the discovery of indicators of compromise for industrial control systems, this thesis tested a specialized honeypot, Conpot. Conpot is an open-source low-interaction honeypot that simulates an industrial control system such as a power plant and collects information on cyberattacks. We created parsers to extract its log data for use as indicators of compromise. Conpot provided information such as Internet Protocol (IP) addresses, transmission control protocol or user datagram protocol (TCP/UDP) ports, and basic protocol-specific data. While this was useful for identifying the protocols most frequently attacked and the countries of origin of attacks, we recommend using a high-interaction honeypot to generate more effective indicators of compromise.
Rights: Copyright is reserved by the copyright owner.
Showing items related by title, author, creator and subject.
Rowell, Marsha D. (Monterey, California: Naval Postgraduate School, 2017-03); It has been said that cyber attackers are attacking at wire speed (very fast), while cyber defenders are defending at human speed (very slow). Researchers have been working to improve this asymmetry by automating a greater ...
Myers, Kurt J.; Christopher, Fidel E. (Monterey, CA: Naval Postgraduate School, 2018-06); This capstone evaluates the capabilities and potential usefulness of a Security Information and Event Management (SIEM) system in the detection of malicious network activities. The emphasis of this project was to select ...
Discovering Cyber Indicators of Compromise on Windows OS 10 Clients Using PowerShell and the .NET Framework. Turner, Jackie E.; Galloway, Andrea E. (Monterey, CA: Naval Postgraduate School, 2018-09); This report describes research that was conducted for the purpose of advancing cyber incident response capability at the U.S. DoD-defined Tier 3 level. As both authors (at time of writing) serve in cyber support roles ...