A Scalable Honeynet Architecture for Industrial Control Systems

  • Conference paper
E-Business and Telecommunications (ICETE 2015)

Abstract

Industrial control systems connected to the Internet represent attractive targets for remote attacks. While targeted attacks are often publicly reported, there is no clear information regarding non-targeted attacks. In order to analyse potentially malicious behaviour, we develop a large-scale honeynet system to capture and investigate network activities that use industrial protocols. The honeynet is composed of multiple honeypots that can be automatically deployed to cloud infrastructures as well as on-premises networks, and employs a modular design to support a multitude of industrial protocols. The collected data is aggregated at a series of centralised yet redundant nodes to resist single points of failure or adversarial compromise. We deploy the honeynet to demonstrate the feasibility of our approach and present our observations.

Author information

Corresponding author

Correspondence to Sebastian Obermeier.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Serbanescu, A.V., Obermeier, S., Yu, DY. (2016). A Scalable Honeynet Architecture for Industrial Control Systems. In: Obaidat, M., Lorenz, P. (eds) E-Business and Telecommunications. ICETE 2015. Communications in Computer and Information Science, vol 585. Springer, Cham. https://doi.org/10.1007/978-3-319-30222-5_9

  • DOI: https://doi.org/10.1007/978-3-319-30222-5_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-30221-8

  • Online ISBN: 978-3-319-30222-5
