Developing a Dual-Purpose Web Honeypot for Characterizing Attacks on a Simulated Power Grid

Abstract

Protection of industrial control systems (ICS) is a critical security task since failure can lead to large-scale damage. Exposing these systems to the Internet makes them more useful but also more vulnerable to costly attacks. This thesis explored using honeypots to help defend Internet-connected ICSs. Honeypots are deceptive systems deployed to identify and gather intelligence on cyberattacks. Our work developed a dual-purpose Web server that functions both as a Web honeypot and as the front end of an ICS honeypot simulating a residential electrical microgrid. Our Web server ran reliably and without any identified compromise on a major cloud server. We observed significant scanning, and some HTTP-based attack attempts, including the Mirai botnet malware. Our results showed that the dual-purpose Web honeypot improved data collection and protection of the Internet-exposed user interface of the ICS honeypot. This could help improve the security of critical systems in industries and the federal government, including the Department of Defense.

Document Details

Document Type: Technical Report
Publication Date: Dec 01, 2023
Accession Number: AD1225560

Entities

People

  • Andrew D Sill

Organizations

  • Naval Postgraduate School

Tags

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Cybersecurity.
  • Defense Technology Research and Development.

Technology Areas

  • Cyber