Last Line of Defense: Reliability Through Inducing Cyber Threat Hunting With Deception in SCADA Networks

There exists a gap between existing security mechanisms and their ability to detect advancing threats. Antivirus EDR (End Point Detection Response) aim prevent threats; such are reactive. This approach did not prove be effective in protecting against stealthy attacks. SCADA (Supervisory Control Data Acquisition) is crucial for any country. However, always an easy target adversaries due lack of heterogeneous devices. An attack on mainly considered national-level threat. Recent research has "unknown threats," which left security. The proactive approach, as threat hunting, the need hour. In this research, we investigated that hunting conjunction with cyber deception kill chain countervailing effects detecting threats mitigating them. We have used concept "decoy farm" network, where all attacks engaged. Moreover, present novel detection prevention SCADA, focusing unknown To test effectiveness emulated several Linux Windows-based simulated network. concluded our detects prevents attacker before using current reactive mechanism enhanced protection results experiments show proposed significantly improved ability.