Skip to main content

Research Repository

Advanced Search

Improved ICS Honeypot Techniques

McColm, David; Macfarlane, Rich


David McColm


As work continues to advance the security posture of ICS systems across the UKNDA estate, opportunities arise to consider the deployment of deception technologies. With high-profile attacks on ICS occurring more frequently, and increasing numbers of adversaries developing ever more sophisticated techniques, strategies to try and stay ahead of the curve become increasingly necessary. Honeypots are an important research tool for discovering both new threat actors and any new techniques they are developing before they can cause harm. Outside of research, Honeypots are deployed internally as a tool to be used during defensively where they act as a distraction or early warning. This paper will examine current state of ICS Honeypots, and propose a new high-interaction honeypot technique using common industry tools. It is this new honeypot is made cheap and simple to deploy by making use of Siemens PLCSIM software, already in wide use in the nuclear industry. Offline validation testing and live internet deployment will be used to test and compare directly with other existing low and high interactivity honeypots. The results from the honeypots will be compared to examine scanning activity, reconnaissance activity and attacks to look for differences in both type and amount of activity seen.

Presentation Conference Type Conference Paper (Published)
Conference Name International Conference on Computer Security in the Nuclear World: Security for Safety
Start Date Jun 19, 2023
End Date Jun 23, 2023
Acceptance Date Feb 6, 2023
Deposit Date May 15, 2023
Publisher URL

This file is under embargo due to copyright reasons.

Contact to request a copy for personal use.

You might also like

Downloadable Citations