DOI: 10.1145/3320326.3320328
research-article

SCADA security using SSH honeypot

Published: 27 March 2019

Abstract

Industrial Control System (ICS) is a term that refers to control systems in the production, transmission and distribution architecture of the Smart Grid. These systems can be SCADA (Supervisory Control and Data Acquisition) systems and DCS (Distributed Control Systems). ICS have moved from proprietary systems to open, standard technologies interconnected with other networks such as the Internet.
This move to interconnect ICS with other networks has exposed these systems to different attacks and has revealed serious weaknesses. These systems must therefore deploy protection measures such as IDS, firewalls, IPS and others. However, detection with these measures is often based on prior knowledge of the attacks themselves, and they are not able to study the behavior and techniques used by attackers, which means that new attacks are not detectable by them.
So, in order to detect new attacks, understand malicious activities targeting ICS, and analyze attackers' behaviors and the techniques they use, in this article we use an SSH honeypot tool called Kippo to log brute-force attacks and the shell interaction performed by attackers, and to draw attention away from the production server.

Published In

NISS '19: Proceedings of the 2nd International Conference on Networking, Information Systems & Security
March 2019
512 pages
ISBN: 9781450366458
DOI: 10.1145/3320326
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Honeypot
  2. ICS
  3. Kippo
  4. SCADA
  5. Security
  6. Smart Grid
  7. kippo-graph

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

NISS19

Cited By

  • (2024) DRACO: Production Network Deployment and Evaluation of Deceptive Defense As-a-Service. 2024 IEEE International Conference on Big Data (BigData) (2606-2615). DOI: 10.1109/BigData62323.2024.10825309. Online publication date: 15-Dec-2024
  • (2023) A Highly Interactive Honeypot-Based Approach to Network Threat Management. Future Internet 15:4 (127). DOI: 10.3390/fi15040127. Online publication date: 28-Mar-2023
  • (2023) Monitoring Peer-to-Peer Botnets: Requirements, Challenges, and Future Works. Computers, Materials & Continua 75:2 (3375-3398). DOI: 10.32604/cmc.2023.036587. Online publication date: 2023
  • (2023) Flow based containerized honeypot approach for network traffic analysis: An empirical study. Computer Science Review 50 (100600). DOI: 10.1016/j.cosrev.2023.100600. Online publication date: Nov-2023
  • (2022) Timed Automata Networks for SCADA Attacks Real-Time Mitigation. Intelligent Decision Technologies (549-559). DOI: 10.1007/978-981-19-3444-5_47. Online publication date: 27-Jul-2022
  • (2022) Multi-purpose Web Application Honeypot to Detect Multiple Types of Attacks and Expose the Attacker’s Identity. Computational Vision and Bio-Inspired Computing (279-287). DOI: 10.1007/978-981-16-9573-5_21. Online publication date: 31-Mar-2022
  • (2021) A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems. IEEE Communications Surveys & Tutorials 23:4 (2351-2383). DOI: 10.1109/COMST.2021.3106669. Online publication date: Dec-2022
  • (2021) Architecture and security of SCADA systems. International Journal of Critical Infrastructure Protection 34:C. DOI: 10.1016/j.ijcip.2021.100433. Online publication date: 1-Sep-2021
  • (2020) When will my PLC support Mirai? The security economics of large-scale attacks against Internet-connected ICS devices. 2020 APWG Symposium on Electronic Crime Research (eCrime) (1-14). DOI: 10.1109/eCrime51433.2020.9493257. Online publication date: 16-Nov-2020
  • (2020) Anti-Honeypot Enabled Optimal Attack Strategy for Industrial Cyber-Physical Systems. IEEE Open Journal of the Computer Society 1 (250-261). DOI: 10.1109/OJCS.2020.3030825. Online publication date: 2020
