A Symbolic Honeynet Framework for SCADA System Threat Intelligence - Critical Infrastructure Protection IX
Conference Papers, Year: 2015

A Symbolic Honeynet Framework for SCADA System Threat Intelligence

Abstract

Current SCADA honeypot technologies present attackers with static or pseudo-random data, and are unlikely to entice attackers to use high value or zero-day attacks. This chapter presents a symbolic cyberphysical honeynet framework that addresses the problem, enhances the screening and coalescence of attack events for analysis, provides attack introspection down to the physics level of a SCADA system and enables forensic replays of attacks. The work extends honeynet methodologies with integrated physics simulation and anomaly detection utilizing a symbolic data flow model of system physics. Attacks that trigger anomalies in the physics of a system are captured and organized via a coalescing algorithm for efficient analysis. Experimental results are presented to demonstrate the effectiveness of the approach.
Origin: Files produced by the author(s)

Dates and versions

hal-01431016, version 1 (10-01-2017)

Cite

Owen Redwood, Joshua Lawrence, Mike Burmester. A Symbolic Honeynet Framework for SCADA System Threat Intelligence. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.103-118, ⟨10.1007/978-3-319-26567-4_7⟩. ⟨hal-01431016⟩