TY - GEN
T1 - Generating honeypot traffic for industrial control systems
AU - Lin, Htein
AU - Dunlap, Stephen
AU - Rice, Mason
AU - Mullins, Barry
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2017.
PY - 2017
Y1 - 2017
N2 - Defending critical infrastructure assets is an important, but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and, in some cases, convince attackers to reveal their attack strategies. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used in the critical infrastructure. However, most of these honeypots are static systems that wait for would-be attackers. To be effective, honeypot decoys need to be as realistic as possible. This chapter introduces a proof-of-concept honeypot network traffic generator that mimics a genuine control system in operation. Experiments conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations indicate that the proposed traffic generator supports honeypot integration, traffic matching and routing in a decoy building automation network.
KW - Honeypots
KW - Industrial control systems
KW - Network traffic generation
UR - http://www.scopus.com/inward/record.url?scp=85036662175&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-70395-4_11
DO - 10.1007/978-3-319-70395-4_11
M3 - Conference contribution
AN - SCOPUS:85036662175
SN - 9783319703947
T3 - IFIP Advances in Information and Communication Technology
SP - 193
EP - 223
BT - Critical Infrastructure Protection XI - 11th IFIP WG 11.10 International Conference, ICCIP 2017, Revised Selected Papers
A2 - Shenoi, Sujeet
A2 - Rice, Mason
PB - Springer New York LLC
T2 - 11th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2017
Y2 - 13 March 2017 through 15 March 2017
ER -