Honeypots for Threat Intelligence in Building Automation Systems

Direct Digital Controls (DDCs) are components of building automation systems that have a network interface. In this paper we describe how to create a honeypot for such a device. We have replicated the individual services available on the device with extensive logging mechanisms. To do this, we dealt with both protocol-specific as well as operating system-specific properties. We then conduct an experiment in which the honeypots are made publicly accessible on the Internet in order to check whether existing vulnerabilities are already being exploited in the examined devices. While analysing the data we didn’t find any specific attacks for this device. Finally, we suggest possible improvements for future experiments.

[1]  Lei Wu,et al.  Honeypot detection in advanced botnet attacks , 2010, Int. J. Inf. Comput. Secur..

[2]  Iyatiti Mokube,et al.  Honeypots: concepts, approaches, and challenges , 2007, ACM-SE 45.

[3]  Hans D. Schotten,et al.  Investigation of cyber crime conducted by abusing weak or default passwords with a medium interaction honeypot , 2017, 2017 International Conference on Cyber Security And Protection Of Digital Services (Cyber Security).

[4]  L. Spitzner,et al.  Honeypots: Tracking Hackers , 2002 .

[5]  M. D. Morris,et al.  Direct Digital Control of Building Systems: Theory and Practice , 1994 .

[6]  Tsutomu Matsumoto,et al.  IoTPOT: A Novel Honeypot for Revealing Current IoT Threats , 2016, J. Inf. Process..

[7]  Thomas Mundt,et al.  Security in building automation systems - a first analysis , 2016, 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security).

[8]  Hermann Merz,et al.  Introduction to Building Automation , 2009 .