Naval Postgraduate School
Dudley Knox Library
NPS Dudley Knox Library
View Item 
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  •   Calhoun Home
  • Faculty and Researchers
  • Faculty and Researchers' Publications
  • View Item
  • How to search in Calhoun
  • My Accounts
  • Ask a Librarian
JavaScript is disabled for your browser. Some features of this site may not work without it.

Browse

All of CalhounCollectionsThis Collection

My Account

LoginRegister

Statistics

Most Popular ItemsStatistics by CountryMost Popular Authors

Identifying Anomalous Network Flow Activity Using Cloud-Based Honeypots

Thumbnail
Download
IconNPS-CS-20-003 (1).pdf (651.2Kb)
Download Record
Download to EndNote/RefMan (RIS)
Download to BibTex
Author
Rowe, Neil C.
Nguyen, Thuy D.
Dougherty, Jeffrey T.
Date
2020-10
Metadata
Show full item record
Abstract
This work addressed efficient and effective implementation of honeypots (decoy devices) in cloud services. Honeypots are essential tools for detecting new attacks on computers and networks, and cloud services are distributed processing systems that can be used to provide great flexibility in software deployment. The particular subtype of honeypot we investigated was for industrial control systems (ICS) that manage electrical-power systems. Starting with two existing software frameworks called Conpot and GridPot, we added new obfuscation techniques, new simulated features of a fake electric grid, and new interfaces that looked like real power-plant controls to increase their deceptive power. These deceptions were effective in our first experiments with a standalone honeypot, as we were attacked twice by a sophisticated adversary as well as by many other less sophisticated attackers. In our second experiments, not yet complete, we deployed the same honeypot configurations at two cloud sites in the U.S. and in Asia. We saw clear differences between all three deployments, showing that context is very important in deceiving attackers and collecting useful data about their attacks. We were concerned deployment in the cloud could be detected by attackers and discourage their investigation, but we saw no evidence of that; apparently enough real electric-generation systems are deployed in the cloud today that they are not suspicious. We conclude that honeypots for industrial control systems using cloud services are a useful tool for information security.
Description
Prepared for: U.S. Fleet Forces Command
 
 
Approved for public release; distribution unlimited.
 
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted.
URI
https://hdl.handle.net/10945/66350
NPS Report Number
NPS-CS-20-003
Collections
  • All Technical Reports Collection
  • Computer Science (NPS-CS)
  • Faculty and Researchers' Publications

Related items

Showing items related by title, author, creator and subject.

  • Thumbnail

    Fake Honeypots: A Defensive Tactic for Cyberspace 

    Rowe, Neil C.; Duong, Binh T.; Custy, E. John (Monterey, California. Naval Postgraduate School, 2006-06);
    Cyber-attackers are becoming more aware of honeypots. They generally want to avoid honeypots since it is hard to spread attacks from them, attacks are thoroughly monitored on them, and some honeypots contain planted false ...
  • Thumbnail

    Assessing the effects of honeypots on cyber-attackers 

    Lim, Sze Li Harry (Monterey, California. Naval Postgraduate School, 2006-12);
    A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. While the security community is reaping fruits of this collection tool, the hacker ...
  • Thumbnail

    Testing a low-interaction honeypot against live cyber attackers 

    Frederick, Erwin E. (Monterey, California. Naval Postgraduate School, 2011-09);
    The development of honeypots as decoys designed to detect, investigate, and counterattack unauthorized use of information systems has produced an "arms race" between honeypots (computers designed solely to receive cyber ...
NPS Dudley Knox LibraryDUDLEY KNOX LIBRARY
Feedback

411 Dyer Rd. Bldg. 339
Monterey, CA 93943
circdesk@nps.edu
(831) 656-2947
DSN 756-2947

    Federal Depository Library      


Start Your Research

Research Guides
Academic Writing
Ask a Librarian
Copyright at NPS
Graduate Writing Center
How to Cite
Library Liaisons
Research Tools
Thesis Processing Office

Find & Download

Databases List
Articles, Books & More
NPS Theses
NPS Faculty Publications: Calhoun
Journal Titles
Course Reserves

Use the Library

My Accounts
Request Article or Book
Borrow, Renew, Return
Tech Help
Remote Access
Workshops & Tours

For Faculty & Researchers
For International Students
For Alumni

Print, Copy, Scan, Fax
Rooms & Study Spaces
Floor Map
Computers & Software
Adapters, Lockers & More

Collections

NPS Archive: Calhoun
Restricted Resources
Special Collections & Archives
Federal Depository
Homeland Security Digital Library

About

Hours
Library Staff
About Us
Special Exhibits
Policies
Our Affiliates
Visit Us

NPS-Licensed Resources—Terms & Conditions
Copyright Notice

Naval Postgraduate School

Naval Postgraduate School
1 University Circle, Monterey, CA 93943
Driving Directions | Campus Map

This is an official U.S. Navy Website |  Please read our Privacy Policy Notice  |  FOIA |  Section 508 |  No FEAR Act |  Whistleblower Protection |  Copyright and Accessibility |  Contact Webmaster

Export search results

The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

A logged-in user can export up to 15000 items. If you're not logged in, you can export no more than 500 items.

To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.