论文信息 - ICS Threat Analysis Using a Large-Scale Honeynet

ICS Threat Analysis Using a Large-Scale Honeynet

A cyber security strategy for Industrial Control Systems (ICS) is typically based on the identified threats to a system. In order to obtain a better insight into the ICS-related threat landscape, we have deployed a large-scale, low-interaction honeypot system on the Internet and have analysed the interactions observed during 28-day long experiments. We describe the interaction results for a variety of industrial and non-industrial protocols, and we analyse the influence of industrial devices being listed on a device-oriented public search engine such as SHODAN. Finally, different combinations of these protocols are compared to determine their relative attractiveness to an external attacker.

Sebastian Obermeier | Alexandru Vlad Serbanescu | Der-Yeuan Yu

[1] Barry E. Mullins,et al. Evaluation of the ability of the Shodan search engine to identify Internet-facing industrial control devices , 2014, Int. J. Crit. Infrastructure Prot..

[2] Wei Gao,et al. Industrial Control System Cyber Attacks , 2013, ICS-CSR.

[3] Susan Marie Wade. SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats , 2011 .

[4] Hsinchun Chen,et al. Uninvited Connections: A Study of Vulnerable Devices on the Internet of Things (IoT) , 2014, 2014 IEEE Joint Intelligence and Security Informatics Conference.

[5] John Viega,et al. How Vulnerable Are Unprotected Machines on the Internet? , 2014, PAM.

[6] Bogdan M. Wilamowski,et al. Industrial Communication Systems , 2011 .

[7] Michael Robinson. The SCADA Threat Landscape , 2013, ICS-CSR.

[8] Sandeep K. Shukla,et al. A Distributed Real-Time Event Correlation Architecture for SCADA Security , 2013, Critical Infrastructure Protection.

[9] Sebastian Obermeier,et al. A flexible architecture for Industrial Control System honeypots , 2015, 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE).