Practical application layer emulation in industrial control system honeypots

Kyle Girtz, Barry Mullins, Mason Rice, Juan Lopez

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

6 Scopus citations

Abstract

Attacks on industrial control systems and critical infrastructure assets are on the rise. These systems are at risk due to outdated technology and ad hoc security measures. As a result, honeypots are often deployed to collect information about malicious intrusions and exploitation techniques. While virtual honeypots mitigate the excessive cost of hardware-replicated honeypots, they often suffer from a lack of authenticity. In addition, honeypots utilizing a proxy to a live programmable logic controller suffer from performance bottlenecks and limited scalability. This chapter describes an enhanced, application layer emulator that addresses both limitations. The emulator combines protocol-agnostic replay with dynamic updating via a proxy to produce a device that is easily integrated into existing honeypot frameworks.

Original language: English
Title of host publication: Critical Infrastructure Protection X - 10th IFIP WG 11.10 International Conference, ICCIP 2016, Revised Selected Papers
Editors: Sujeet Shenoi, Mason Rice
Publisher: Springer New York LLC
Pages: 83-98
Number of pages: 16
ISBN (Print): 9783319487366
State: Published - 2016
Externally published: Yes
Event: 10th IFIP WG 11.10 International Conference on Critical Infrastructure Protection X, ICCIP 2016 - Arlington, United States
Duration: Mar 14 2016 to Mar 16 2016

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 485
ISSN (Print): 1868-4238

Conference

Conference: 10th IFIP WG 11.10 International Conference on Critical Infrastructure Protection X, ICCIP 2016
Country/Territory: United States
City: Arlington
Period: 03/14/16 to 03/16/16

Keywords

  • Emulator
  • Honeypot
  • Industrial control systems
  • Proxy
