Creating Convincing Industrial-Control-System Honeypots

Cyberattacks on industrial control systems (ICSs) can be especially damaging since they often target critical infrastructure. Honeypots are valuable network-defense tools, but they are difficult to implement for ICSs because they must simulate more than just familiar protocols. This research compared the performance of the Conpot and GridPot honeypot tools in simulating nodes on an electric grid under live (not recorded) traffic. We evaluated the success of their deceptions by observing their activity types and by scanning them. GridPot received a higher rate of traffic than Conpot, and many visitors to both were deceived as to whether they were dealing with a honeypot. We also tested Shodan’s Honeyscore for finding honeypots, and found it was fooled by our honeypots as well as others when, like most users, it did not take site history into account. This is good news for collecting useful attack intelligence with ICS honeypots.
