Creating Effective Industrial-Control-System Honeypots
MetadataShow full item record
Cyberattacks on industrial control systems (ICSs) can be especially damaging since they often target critical infrastructure. Honeypots are valuable network-defense tools, but they are difficult to implement for ICSs because they must then simulate more than familiar protocols. This research compared the performance of the Conpot and GridPot honeypot tools for simulating nodes on an electric grid for live (not recorded) traffic. We evaluated the success of their deceptions by observing their activity types and by scanning them. GridPot received a higher rate of traffic than Conpot, and many visitors to both were deceived as to whether they were dealing with a honeypot. We also tested Shodan’s Honeyscore for finding honeypots, and found it was fooled by our honeypots as well as others when, like most users, it did not take site history into account. This is good news for collecting useful attack intelligence with ICS honeypots.
Proceedings of the 53rd Hawaii International Conference on System Sciences | 2020The article of record as published may be found at https://doi.org/10.24251/HICSS.2020.228
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Brown, Justin C. (Monterey, CA; Naval Postgraduate School, 2019-09);Heuristic analysis can reveal honeypots (decoy computer systems doing intelligence gathering) among Internet-connected industrial-control sites. Detectability of honeypots is undesirable, as it enables a careful adversary ...
Rowe, Neil C.; Nguyen, Thuy D.; Kendrick, Marian M.; Rucker, Zaki A.; Hyun, Dahae; Brown, Justin C. (HICSS, 2020);Cyberattacks on industrial control systems (ICSs) can be especially damaging since they often target critical infrastructure. Honeypots are valuable network-defense tools, but they are difficult to implement for ICSs because ...
Rowe, Neil C. (Monterey, California. Naval Postgraduate School, 2006-01);Honeypots are computer systems that try to fool cyberattackers into thinking they are ordinary computer systems, when in fact they are designed solely to collect data about attack methods and thereby enable better defense ...