Dynamic Honeypot Configuration for Programmable Logic Controller Emulation

Abstract

This research develops an enhanced application-layer emulator capable of alleviating honeynet scalability and honeypot inauthenticity limitations. The proposed emulator combines protocol-agnostic replay with dynamic updating via a proxy. The result is a software tool that can be readily integrated into existing honeypot frameworks for improved performance. The proposed emulator is evaluated on traffic reduction on the back-end proxy device, application-layer task accuracy, and byte-level traffic accuracy. Experiments show the emulator is able to successfully reduce the load on the proxy device by up to 98 for some protocols. The emulator also provides equal or greater accuracy than a design that does not use a proxy. At the byte level, traffic variation is statistically equivalent, while task success rates increase by 14 to 90 depending on the protocol. Finally, of the proposed proxy synchronization algorithms, temp lock and its minimal variant are found to provide the best overall performance.

Document Details

Document Type: Technical Report
Publication Date: Mar 01, 2016
Accession Number: AD1053817

Entities

People

  • Kyle A Girtz

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Biomedical
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Air Force
  • Application Protocols
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Databases
  • Electronic Mail
  • Governments
  • Graphical User Interface
  • Human-Machine Interfaces
  • Industrial Control Systems
  • Intrusion Detectors
  • Network Protocols
  • Operating Systems
  • Reliability
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Engineering
  • Cybersecurity
  • Parallel and Distributed Computing