Constructing Cost-Effective and Targetable ICS Honeypots Suited for Production Networks

Abstract

Honeypots are a technique that can mitigate the risk of cyber threats. Effective honeypots are authentic and targetable, and their design and implementation must accommodate risk tolerance and financial constraints. The proprietary, and often expensive, hardware and software used by Industrial Control System (ICS) devices create the challenging problem of building a flexible, economical, and scalable honeypot. This research extends Honeyd into Honeyd+, making it possible to use the proxy feature to create multiple high-interaction honeypots with a single Programmable Logic Controller (PLC). Honeyd+ is tested with a network of 75 decoy PLCs, and the interactions with the decoys are compared to a physical PLC to test for authenticity. The performance test evaluates the impact of multiple simultaneous connections to the PLC. The functional test is successful in all cases. The performance test demonstrated that the PLC is a limiting factor, and that introducing Honeyd+ has a marginal impact on performance. Notable findings are that the Raspberry Pi is the preferred hosting platform, and more than five simultaneous connections were not optimal.

Document Details

Document Type: Technical Report
Publication Date: Mar 26, 2015
Accession Number: ADA615223

Entities

People

  • Michael M. Winn

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Computer Programming
  • Computer Programs
  • Computers
  • Control Systems
  • Cyberattacks
  • Cyberspace Operations
  • Department Of Homeland Security
  • Detection
  • Governments
  • Human-Machine Interfaces
  • Information Operations
  • Infrastructure
  • Load Monitoring
  • Operating Systems
  • Performance Tests
  • United States Government

Readers

  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber