Collecting cyberattack data for industrial control systems using honeypots
Rowe, Neil C.
Nguyen, Thuy D.
Operational technology, the information technology used for industrial control systems, has advanced more slowly in security than other kinds of information technology. To aid the discovery of indicators of compromise for industrial control systems, this thesis tested a specialized honeypot, Conpot. Conpot is an open-source low-interaction honeypot that simulates an industrial control system such as a power plant and collects information on cyberattacks. We created parsers to extract its log data for use as indicators of compromise. Conpot provided information such as Internet Protocol (IP) addresses, Transmission Control Protocol or User Datagram Protocol (TCP/UDP) ports, and basic protocol-specific data. While this was useful for identifying the protocols most frequently attacked and the countries of origin of attacks, we recommend using a high-interaction honeypot to generate more effective indicators of compromise.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Rowell, Marsha D. (Monterey, California: Naval Postgraduate School, 2017-03);It has been said that cyber attackers are attacking at wire speed (very fast), while cyber defenders are defending at human speed (very slow). Researchers have been working to improve this asymmetry by automating a greater ...
Newman, Lea. (Monterey, California: Naval Postgraduate School, 2008-03);On any given day, news sources are packed with information on the various negotiations going on throughout the world in an attempt to resolve an ongoing dispute. Typically, nation-states enter into negotiations as a final ...
Identifying and embedding common indicators of compromise in virtual machines for lab-based incident response education Van Dusen, Matthew S. (Monterey, California: Naval Postgraduate School, 2015-09);Though typical malware delivery vectors, behaviors, and general attack craft can be verbally explained and even illustrated, greater familiarity and confidence is imbued in the cyber defender when such theoretical explanations ...