Generating honeypot traffic for industrial control systems

Htein Lin, Stephen Dunlap, Mason Rice, Barry Mullins

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

3 Scopus citations

Abstract

Defending critical infrastructure assets is an important, but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and, in some cases, convince attackers to reveal their attack strategies. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used in the critical infrastructure. However, most of these honeypots are static systems that wait for would-be attackers. To be effective, honeypot decoys need to be as realistic as possible. This chapter introduces a proof-of-concept honeypot network traffic generator that mimics a genuine control system in operation. Experiments conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations indicate that the proposed traffic generator supports honeypot integration, traffic matching and routing in a decoy building automation network.

Original language: English
Title of host publication: Critical Infrastructure Protection XI - 11th IFIP WG 11.10 International Conference, ICCIP 2017, Revised Selected Papers
Editors: Sujeet Shenoi, Mason Rice
Publisher: Springer New York LLC
Pages: 193-223
Number of pages: 31
ISBN (Print): 9783319703947
State: Published - 2017
Externally published: Yes
Event: 11th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2017 - Arlington, United States
Duration: Mar 13 2017 to Mar 15 2017

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 512
ISSN (Print): 1868-4238

Conference

Conference: 11th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2017
Country/Territory: United States
City: Arlington
Period: 03/13/17 to 03/15/17

Funding

This research was partially supported by the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

Funders: U.S. Department of Homeland Security

Keywords

• Honeypots
• Industrial control systems
• Network traffic generation
