Skip to Main content Skip to Navigation
Conference papers

Generating honeypot traffic for industrial control systems

Abstract : Defending critical infrastructure assets is an important, but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and, in some cases, convince attackers to reveal their attack strategies. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used in the critical infrastructure. However, most of these honeypots are static systems that wait for would-be attackers. To be effective, honeypot decoys need to be as realistic as possible. This chapter introduces a proof-of-concept honeypot network traffic generator that mimics a genuine control system in operation. Experiments conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations indicate that the proposed traffic generator supports honeypot integration, traffic matching and routing in a decoy building automation network.
Document type :
Conference papers
Complete list of metadata

Cited literature [26 references]  Display  Hide  Download

https://hal.inria.fr/hal-01819143
Contributor : Hal Ifip <>
Submitted on : Wednesday, June 20, 2018 - 9:24:11 AM
Last modification on : Wednesday, June 20, 2018 - 9:34:06 AM
Long-term archiving on: : Tuesday, September 25, 2018 - 11:07:01 AM

File

460140_1_En_11_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Htein Lin, Stephen Dunlap, Mason Rice, Barry Mullins. Generating honeypot traffic for industrial control systems. 11th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2017, Arlington, VA, United States. pp.193-223, ⟨10.1007/978-3-319-70395-4_11⟩. ⟨hal-01819143⟩

Share

Metrics

Record views

191

Files downloads

295