David McColm
Improved ICS Honeypot Techniques
McColm, David; Macfarlane, Rich
Abstract
As work continues to advance the security posture of ICS systems across the UKNDA estate, opportunities arise to consider the deployment of deception technologies. With high-profile attacks on ICS occurring more frequently, and increasing numbers of adversaries developing ever more sophisticated techniques, strategies to stay ahead of the curve become increasingly necessary. Honeypots are an important research tool for discovering both new threat actors and any new techniques they are developing before they can cause harm. Outside of research, honeypots are deployed internally as a defensive tool, where they act as a distraction or early warning. This paper examines the current state of ICS honeypots and proposes a new high-interaction honeypot technique using common industry tools. This new honeypot is made cheap and simple to deploy by making use of Siemens PLCSIM software, which is already in wide use in the nuclear industry. Offline validation testing and live internet deployment are used to test it and compare it directly with existing low- and high-interaction honeypots. The results from the honeypots are compared to examine scanning activity, reconnaissance activity and attacks, looking for differences in both the type and the amount of activity seen.
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (Published) |
| Conference Name | International Conference on Computer Security in the Nuclear World: Security for Safety |
| Start Date | Jun 19, 2023 |
| End Date | Jun 23, 2023 |
| Acceptance Date | Feb 6, 2023 |
| Deposit Date | May 15, 2023 |
| Publisher URL | https://www.iaea.org/events/cybercon23 |
This file is under embargo due to copyright reasons.
Contact repository@napier.ac.uk to request a copy for personal use.