Toward Automating Web Protocol Configuration for a Programmable Logic Controller Emulator

Abstract

Industrial Control Systems (ICS) remain vulnerable through attack vectors that exist within programmable logic controllers (PLC). PLC emulators used as honeypots can provide insight into these vulnerabilities. Honeypots can sometimes deter attackers from real devices and log activity. A variety of PLC emulators exist, but require manual figuration to change their PLC pro le. This limits their flexibility for deployment. An automated process for configuring PLC emulators can open the door for emulation of many types of PLCs. This study investigates the feasibility of creating such a process. The research creates an automated process for figuring the web protocols of a Koyo DirectLogic PLC. The figuration process is a software program that collects information about the PLC and creates a behavior pro le. A generic web server then references that pro le in order to respond properly to requests. To measure the ability of the process, the resulting emulator is evaluated based on response accuracy and timing accuracy. In addition, the figuration time of the process itself is measured. For the accuracy measurements a workload of 1000 GET requests are sent to the index.html page of the PLC, and then to the emulator. These requests are sent at two rates: Slow and PLC Break. The emulator responses are then compared to those of the PLC baseline. Results show that the process completes in 9.8 seconds, on average. The resulting emulator responds with 97.79% accuracy across all trials. It responds 1.3 times faster than the real PLC at the Slow response rate, and 1.4 times faster at the PLC Break rate. Results indicate that the automated process is able to create an emulator with an accuracy that is comparable to a manually figured emulator. This supports the hypothesis that creating an automated process for figuring a PLC emulator with a high level of accuracy is feasible.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jun 19, 2014
Accession Number
ADA602990

Entities

People

  • Deanna R. Fink

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Space

DTIC Thesaurus Topics

  • Air Force
  • Central Processing Units
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Department Of Homeland Security
  • Governments
  • Human-Machine Interfaces
  • Information Operations
  • Local Area Networks
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Supervisory Control
  • Test Methods
  • United States Government

Fields of Study

  • Computer science

Readers

  • Computer Engineering
  • Cybersecurity.
  • Parallel and Distributed Computing.