Abstract
Attacks on industrial control systems and critical infrastructure assets are on the rise. These systems are at risk due to outdated technology and ad hoc security measures. As a result, honeypots are often deployed to collect information about malicious intrusions and exploitation techniques. While virtual honeypots mitigate the excessive cost of hardware-replicated honeypots, they often suffer from a lack of authenticity. In addition, honeypots utilizing a proxy to a live programmable logic controller suffer from performance bottlenecks and limited scalability. This chapter describes an enhanced, application layer emulator that addresses both limitations. The emulator combines protocol-agnostic replay with dynamic updating via a proxy to produce a device that is easily integrated into existing honeypot frameworks.
Copyright information
© 2016 IFIP International Federation for Information Processing (outside the US)
About this paper
Cite this paper
Girtz, K., Mullins, B., Rice, M., Lopez, J. (2016). Practical Application Layer Emulation in Industrial Control System Honeypots. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection X. ICCIP 2016. IFIP Advances in Information and Communication Technology, vol 485. Springer, Cham. https://doi.org/10.1007/978-3-319-48737-3_5
DOI: https://doi.org/10.1007/978-3-319-48737-3_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-48736-6
Online ISBN: 978-3-319-48737-3
eBook Packages: Computer Science, Computer Science (R0)