Leveraging Cyber-Physical System Honeypots to Enhance Threat Intelligence - Critical Infrastructure Protection XIII
Conference Papers Year : 2019

Leveraging Cyber-Physical System Honeypots to Enhance Threat Intelligence

Michael Haney
  • Function : Author
  • PersonId : 1112203

Abstract

Honeypots and related deception technologies have long been used to capture and study malicious activity in networks. However, clear requirements for developing effective honeypots for active defense of cyber-physical systems have not been discussed in the literature. This chapter proposes a next generation industrial control system honeynet. Enumerated requirements and a reference framework are presented that bring together the best available honeypot technologies and new adaptations of existing tools to produce a honeynet suitable for detecting targeted attacks against cyber-physical systems. The framework supports high-fidelity simulations and high interactions with attackers while delaying the discovery of the deception. Data control, capture, collection and analysis are supported by a novel and effective honeywall system. A hybrid honeynet, using virtualized and real programmable logic controllers that interact with a physical process model, is presented. The benefits provided by the framework along with the challenges to consider during honeynet deployment and operation are also discussed.
Fichier principal
Vignette du fichier
491841_1_En_11_Chapter.pdf (694.62 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03364564 , version 1 (04-10-2021)

Licence

Identifiers

Cite

Michael Haney. Leveraging Cyber-Physical System Honeypots to Enhance Threat Intelligence. 13th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2019, Arlington, VA, United States. pp.209-233, ⟨10.1007/978-3-030-34647-8_11⟩. ⟨hal-03364564⟩
47 View
145 Download

Altmetric

Share

More