Automatic Configuration of Programmable Logic Controller Emulators

Abstract

This research presents a scalable solution to automatically configure programmable logic controller emulators using network traces. The accuracy, flexibility, and efficiency of the proposed framework, ScriptGenE, is tested in three fully automated experiments. Results from the experiments show that ScriptGenE can accurately emulate a PLC's webserver with only one input trace. Additionally, only five input EtherNet/IP traces are required to create an emulator that is identified by RSLinx as a PLC with modules. A minimum of two input traces are required to create a Siemens PLC emulator that can be browsed by STEP7. Additionally, the emulators produce traffic that differs in variability from the reference capture group by less than 0.018% with 95% confidence. Overall, this research provides numerous contributions including the first successful automatically configured application layer honeypot for EtherNet/IP. ScriptGenE requires less input traces than previous works. Additionally, a novel backtracking algorithm is implemented that handles unknown transitions and allows for looping in ICS polling sessions.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2015
Accession Number
ADA620212

Entities

People

  • Phillip C. Warner

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Autonomy
  • Cyber
  • Energy and Power Technologies
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Application Protocols
  • Computational Science
  • Computer Networks
  • Computer Programming
  • Computers
  • Control Systems
  • Cybersecurity
  • Data Mining
  • Information Processing
  • Information Science
  • Information Systems
  • Intrusion Detectors
  • Network Protocols
  • Network Science
  • Operating Systems
  • Transport Protocols
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Computer Engineering
  • Cybersecurity.