Improved ICS Honeypot Techniques
McColm, David; Macfarlane, Rich
Abstract
As work continues to advance the security posture of ICS systems across the UKNDA estate, opportunities arise to consider the deployment of deception technologies. With high-profile attacks on ICS occurring more frequently, and increasing numbers of adversaries developing ever more sophisticated techniques, strategies to stay ahead of the curve become increasingly necessary. Honeypots are an important research tool for discovering both new threat actors and the new techniques they are developing before they can cause harm. Outside of research, honeypots are deployed internally as a defensive tool, where they act as a distraction or an early warning. This paper examines the current state of ICS honeypots and proposes a new high-interaction honeypot technique using common industry tools. This new honeypot is made cheap and simple to deploy by using Siemens PLCSIM software, which is already in wide use in the nuclear industry. Offline validation testing and live internet deployment are used to test it and compare it directly with other existing low- and high-interactivity honeypots. The results from the honeypots are compared to examine scanning activity, reconnaissance activity and attacks, looking for differences in both the type and the amount of activity seen.
Citation
McColm, D., & Macfarlane, R. (2023, June). Improved ICS Honeypot Techniques. Paper presented at International Conference on Computer Security in the Nuclear World: Security for Safety, Vienna, Austria
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (unpublished) |
| Conference Name | International Conference on Computer Security in the Nuclear World: Security for Safety |
| Start Date | Jun 19, 2023 |
| End Date | Jun 23, 2023 |
| Acceptance Date | Feb 6, 2023 |
| Deposit Date | May 15, 2023 |
| Peer Reviewed | Peer Reviewed |
| Publisher URL | https://www.iaea.org/events/cybercon23 |
Files
Improved ICS Honeypot Techniques (accepted version), PDF, 778 Kb