Implementing a High-Interaction Hybrid Honeypot For Facility Automation Systems
Abstract
Operational technology includes environments such as industrial control systems, building-automation systems, and transportation systems. With the rising trend of cyberattacks against these systems, operational technology needs better methods to increase security without costly redesigns of existing systems. We developed a high-interaction hybrid honeypot that uses reverse-proxy technology with commercial building-automation software and equipment to deceive attackers with real (not simulated) data. Our Web proxy monitors and intercepts malicious requests that attempt to manipulate target equipment, and deploys deceptive tactics such as sending fake HTTP acknowledgments and modifying webpages to include misleading information. Our results showed the effectiveness of this method in a controlled environment. This deception technique offers a new low-cost approach to defend building-automation systems in industry and the United States Government, including the Department of Defense, from evolving cyber threats.
Document Details
- Document Type: Technical Report
- Publication Date: Dec 01, 2023
- Accession Number: AD1224969
Entities
People
- Scott D. Colvin
Organizations
- Naval Postgraduate School