A Symbolic Honeynet Framework for SCADA System Threat Intelligence

Abstract: Current SCADA honeypot technologies present attackers with static or pseudo-random data, and are unlikely to entice attackers to use high value or zero-day attacks. This chapter presents a symbolic cyberphysical honeynet framework that addresses the problem, enhances the screening and coalescence of attack events for analysis, provides attack introspection down to the physics level of a SCADA system and enables forensic replays of attacks. The work extends honeynet methodologies with integrated physics simulation and anomaly detection utilizing a symbolic data flow model of system physics. Attacks that trigger anomalies in the physics of a system are captured and organized via a coalescing algorithm for efficient analysis. Experimental results are presented to demonstrate the effectiveness of the approach.
Document type:
Conference paper
Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.103-118, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_7〉
Cited literature [17 references]

https://hal.inria.fr/hal-01431016
Contributor: Hal Ifip
Submitted on: Tuesday, January 10, 2017 - 14:56:26
Last modified on: Wednesday, January 11, 2017 - 14:31:15
Document(s) archived on: Tuesday, April 11, 2017 - 15:18:50

File

978-3-319-26567-4_7_Chapter.pd...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Owen Redwood, Joshua Lawrence, Mike Burmester. A Symbolic Honeynet Framework for SCADA System Threat Intelligence. Mason Rice; Sujeet Shenoi. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-466, pp.103-118, 2015, Critical Infrastructure Protection IX. 〈10.1007/978-3-319-26567-4_7〉. 〈hal-01431016〉

Metrics

Record views

74

File downloads

32