SCADA security using SSH honeypot

Industrial Control System (ICS) is a term that refers to the control systems used in the production, transmission and distribution architecture of the Smart Grid. These systems can be SCADA (Supervisory Control and Data Acquisition System) and DCS (Distributed Control Systems). ICS have moved from proprietary systems to open, standard technologies interconnected with other networks such as the Internet. This interconnection has exposed these systems to different attacks and has revealed serious weaknesses, so they must deploy protection measures such as IDS, firewalls, IPS and others. However, detection with these measures is often based on prior knowledge of the attacks themselves, and they are not able to study the behavior and techniques used by attackers, which means that new attacks are not detectable by them. In this article, in order to detect new attacks, understand malicious activities targeting ICS, and analyze attackers' behaviors and techniques, we use an SSH honeypot tool called Kippo to log brute-force attacks and the shell interaction performed by attackers, in order to draw attention away from the production server.
