论文信息 - Poster : Re-thinking the Honeypot for Cyber-Physical Systems

Poster : Re-thinking the Honeypot for Cyber-Physical Systems

Since the early 1990s, the idea of entrapping and deceiving computer attackers in order to study their behavior and misdirect them has been used with great success in the computer security field. This practice, traditionally done through a computing system configured to emulate critical resources, called a Honeypot, has revealed attacker strategies and kept more critical computing resources safe. As the Cyber-Physical Systems (CPS) space grows and becomes increasingly networked, attackers have been more interested in compromising the resources controlling these systems. In response, honeypots have been designed to emulate CPS specific components. However, all existing CPS honeypots neglect certain aspects of these systems that can alert an attacker to the nature of the honeypot, namely the simulation of the attached physical process and the physics of the devices that interact with the process. We propose a new CPS specific Honeypot framework, called HoneyPhy: A Physics-aware Honeypot Framework, that addresses these problems and aims to be extensible to all CPS.

[1] Kyle Wilhoit. The GasPot Experiment : Unexamined Perils in Using Gas-Tank-Monitoring Systems , 2015 .

[2] Raheem A. Beyah,et al. Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems , 2016, NDSS.