DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1044935
Title:
Using Honeynets and the Diamond Model for ICS Threat Analysis
Corporate Author:
CARNEGIE-MELLON UNIV PITTSBURGH PA PITTSBURGH United States
Report Date:
2016-05-11
Abstract:
The use of a honeyneta network of seemingly vulnerable machines designed to lure attackersis an established technique for collecting threat intelligence across various network environments. As a result, organizations have begun to use this approach to protect networked industrial control systems ICS. Organizations hope to observe attempts to compromise their systems in an isolated environment, enabling them to deploy mitigations and harden their networks against emerging threats. This report presents an approach to analyzing approximately 16 gigabytes of full packet capture data collected from an ICS honeynet. The data is analyzed in the context of other open source information about known threats to ICS to understand how adversaries interacted with the net-work and the types of attacks they attempted. To provide a more rigorous approach to characterizing these threat actors, the study employed the well-known Diamond Model of Intrusion Analysis. It applied this model to define and categorize several groups of potential threat actors observed within the data. The study also evaluated the effectiveness of honeynets as a tool for ICS threat intelligence. This report includes several recommendations for their deployment and emphasizes active interaction with external hosts to generate higher quality data.
Descriptive Note:
Technical Report
Pages:
0039
Distribution Statement:
Approved For Public Release;
Contract Number:
FA8721-05-C-0003
File Size:
0.27MB
