Constructing Cost-Effective and Targetable ICS Honeypots Suited for Production Networks
AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT
Honeypots are a technique that can mitigate the risk of cyber threats. Effective honeypots are authentic and targetable, and their design and implementation must accommodate risk tolerance and financial constraints. The proprietary, and often expensive, hardware and software used by Industrial Control System (ICS) devices create the challenging problem of building a flexible, economical, and scalable honeypot. This research extends Honeyd into Honeyd, making it possible to use the proxy feature to create multiple high-interaction honeypots with a single Programmable Logic Controller (PLC). Honeyd is tested with a network of 75 decoy PLCs, and the interactions with the decoys are compared to a physical PLC to test for authenticity. The performance test evaluates the impact of multiple simultaneous connections to the PLC. The functional test is successful in all cases. The performance test demonstrated that the PLC is a limiting factor, and that introducing Honeyd has a marginal impact on performance. Notable findings are that the Raspberry Pi is the preferred hosting platform, and more than five simultaneous connections were not optimal.
- Computer Programming and Software