ICS Threat Analysis Using a Large-Scale Honeynet
Authors
Abstract
A cyber security strategy for Industrial Control Systems (ICS) is typically based on the identified threats to a system. In order to obtain a better insight into the ICS-related threat landscape, we have deployed a large-scale, low-interaction honeypot system on the Internet and have analysed the interactions observed during 28-day-long experiments. We describe the interaction results for a variety of industrial and non-industrial protocols, and we analyse the influence of industrial devices being listed on a device-oriented public search engine such as SHODAN. Finally, different combinations of these protocols are compared to determine their relative attractiveness to an external attacker.
Similar resources
Towards Automating Analysis of Large-Scale Honeynet Events
Inspired by the work of Yegneswaran and colleagues on “Internet situational awareness” [30], we investigate ways to analyze data captured by honeynets—unused address blocks on which we deploy honeypot responders in order to elicit information about incoming probes—to understand the significance of large-scale “events” seen by the honeynet. In such events, an entire collection of remote hosts to...
Feature selection using genetic algorithm for classification of schizophrenia using fMRI data
In this paper we propose a new method for classification of subjects into schizophrenia and control groups using functional magnetic resonance imaging (fMRI) data. In the preprocessing step, the number of fMRI time points is reduced using principal component analysis (PCA). Then, independent component analysis (ICA) is used for further data analysis. It estimates independent components (ICs) of...
HONEYNET SOLUTIONS A deployment guide
Honeynets provide network and system managers a unique intrusion detection and monitoring system that provides indications of malicious behavior in a near “false positive” proof manner. When deployed properly, these systems can provide warning of both inside and external network threats. However, if the deployment is not tightly integrated into the existing topology and the honeynet is configure...
An Attacker-Defender Game for Honeynets
A honeynet is a portion of routed but otherwise unused address space that is instrumented for network traffic monitoring. It is an invaluable tool for understanding unwanted Internet traffic and malicious attacks. We formalize the problem of defending honeynets from systematic mapping (a serious threat to their viability) as a simple two-person game. The objective of the Attacker is to identify...
A framework for attack patterns’ discovery in honeynet data
Collecting data related to Internet threats has now become a relatively common task for security researchers and network operators. However, the huge amount of raw data can rapidly overwhelm people in charge of analyzing such data sets. Systematic analysis procedures are thus needed to extract useful information from large traffic data sets in order to assist the analyst’s investigations. This ...