Practical Application Layer Emulation in Industrial Control System Honeypots

Abstract: Attacks on industrial control systems and critical infrastructure assets are on the rise. These systems are at risk due to outdated technology and ad hoc security measures. As a result, honeypots are often deployed to collect information about malicious intrusions and exploitation techniques. While virtual honeypots mitigate the excessive cost of hardware-replicated honeypots, they often suffer from a lack of authenticity. In addition, honeypots utilizing a proxy to a live programmable logic controller suffer from performance bottlenecks and limited scalability. This chapter describes an enhanced, application layer emulator that addresses both limitations. The emulator combines protocol-agnostic replay with dynamic updating via a proxy to produce a device that is easily integrated into existing honeypot frameworks.
Document type:
Conference paper
10th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2016, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-485, pp.83-98, 2016, Critical Infrastructure Protection X. 〈10.1007/978-3-319-48737-3_5〉

Cited literature [9 references]

https://hal.inria.fr/hal-01614865
Contributor: Hal Ifip
Submitted on: Wednesday, October 11, 2017 - 14:59:53
Last modified on: Wednesday, October 11, 2017 - 15:01:14
Document(s) archived on: Friday, January 12, 2018 - 14:17:32

File

Restricted access
File visible on: 2019-01-01

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Kyle Girtz, Barry Mullins, Mason Rice, Juan Lopez. Practical Application Layer Emulation in Industrial Control System Honeypots. 10th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2016, Arlington, VA, United States. IFIP Advances in Information and Communication Technology, AICT-485, pp.83-98, 2016, Critical Infrastructure Protection X. 〈10.1007/978-3-319-48737-3_5〉. 〈hal-01614865〉
