Abstract
Defending critical infrastructure assets is an important, but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and, in some cases, convince attackers to reveal their attack strategies. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used in the critical infrastructure. However, most of these honeypots are static systems that wait for would-be attackers. To be effective, honeypot decoys need to be as realistic as possible. This chapter introduces a proof-of-concept honeypot network traffic generator that mimics a genuine control system in operation. Experiments conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations indicate that the proposed traffic generator supports honeypot integration, traffic matching and routing in a decoy building automation network.
Copyright information
© 2017 IFIP International Federation for Information Processing (outside the US)
About this paper
Cite this paper
Lin, H., Dunlap, S., Rice, M., Mullins, B. (2017). GENERATING HONEYPOT TRAFFIC FOR INDUSTRIAL CONTROL SYSTEMS. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-70395-4_11
DOI: https://doi.org/10.1007/978-3-319-70395-4_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70394-7
Online ISBN: 978-3-319-70395-4
eBook Packages: Computer Science (R0)