Conference papers

A Symbolic Honeynet Framework for SCADA System Threat Intelligence

Abstract : Current SCADA honeypot technologies present attackers with static or pseudo-random data, and are unlikely to entice attackers to use high value or zero-day attacks. This chapter presents a symbolic cyberphysical honeynet framework that addresses the problem, enhances the screening and coalescence of attack events for analysis, provides attack introspection down to the physics level of a SCADA system and enables forensic replays of attacks. The work extends honeynet methodologies with integrated physics simulation and anomaly detection utilizing a symbolic data flow model of system physics. Attacks that trigger anomalies in the physics of a system are captured and organized via a coalescing algorithm for efficient analysis. Experimental results are presented to demonstrate the effectiveness of the approach.
Document type : Conference papers

Cited literature : 17 references

https://hal.inria.fr/hal-01431016
Contributor : Hal Ifip
Submitted on : Tuesday, January 10, 2017 - 2:56:26 PM
Last modification on : Wednesday, January 11, 2017 - 2:31:15 PM
Long-term archiving on : Tuesday, April 11, 2017 - 3:18:50 PM

File

978-3-319-26567-4_7_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Owen Redwood, Joshua Lawrence, Mike Burmester. A Symbolic Honeynet Framework for SCADA System Threat Intelligence. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.103-118, ⟨10.1007/978-3-319-26567-4_7⟩. ⟨hal-01431016⟩
