Creating Effective Industrial-Control-System Honeypots

Authors

  • Neil C. Rowe U.S. Naval Postgraduate School
  • Thuy D. Nguyen U.S. Naval Postgraduate School
  • Marian M. Kendrick U.S. Naval Postgraduate School
  • Zaki A. Rucker U.S. Naval Postgraduate School
  • Dahae Hyun U.S. Naval Postgraduate School
  • Justin C. Brown U.S. Naval Postgraduate School

Keywords:

Management, industrial control systems, honeypots, testing, Conpot, Gridpot, traffic, network protocols, deception

Abstract

Cyberattacks on industrial control systems (ICSs) can be especially damaging. Honeypots are valuable network-defense tools, but it is difficult to simulate the specialized protocols of ICSs. This research compared the performance of the Conpot and GridPot honeypot tools for simulating nodes on an electrical grid with live attacks. We evaluated their success by observing their activity patterns and by scanning them. GridPot received a higher rate of traffic than Conpot, and many visitors to both, as well as scanners, did not realize they were honeypots. This is good news for collecting useful attack intelligence with ICS honeypots.

References

Downloads

Published

2020-08-18

Issue

Vol. 20 No. 2 (2020)

Section

Articles

How to Cite

Creating Effective Industrial-Control-System Honeypots. (2020). American Journal of Management, 20(2). https://articlearchives.co/index.php/AJM/article/view/1508