Poster: Using Honeypots to Understand Attacks to Industrial Control Systems

Pogliani, Marcello; Zanero, Stefano
2019

Abstract

We describe our ongoing efforts toward the development of an advanced honeypot that simulates a complex distributed control system (DCS) used in industrial settings such as chemical, oil and gas, water treatment, and food processing plants. Indeed, while anecdotally it is known that ICS are targets of attacks, the details of most incidents are not publicly released (with the exception of high-profile cases such as Stuxnet or TRITON). Thus, we believe that, by deploying a honeypot that replicates a real-world deployment of a DCS, we will be able to capture the attempts of attacks toward complex control systems and gain useful insights for the research community. We recently deployed the honeypot in the network of a multinational company that uses the DCS in the course of their business. As a long-term goal, we aim to deploy the honeypot on multiple network vantage points, and to collect a repository of ICS attack techniques, as well as ICS malware, to be shared with the security community.
Files in this item:
hotcrp_sp19posters-final7.pdf: open access; Post-Print (DRAFT or Author's Accepted Manuscript-AAM); 921.19 kB; Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: http://hdl.handle.net/11311/1099143