{"title":"Fake PLC in the Cloud, We Thought the Attackers Believed that: How ICS Honeypot Deception Gets Impacted by Cloud Deployments?","authors":"Stanislava Ivanova, N. Moradpoor","doi":"10.1109/WFCS57264.2023.10144119","DOIUrl":null,"url":null,"abstract":"The Industrial Control System (ICS) industry faces an ever-growing number of cyber threats - defence against which can be strengthened using honeypots. As the systems they mimic, ICS honeypots shall be deployed in a similar context to field ICS systems. This ICS context demands a novel honeypot deployment process, that is more consistent with real ICS systems. State-of-the-art ICS honeypots mainly focus on deployments in cloud environments which could divulge the true intent to cautious adversaries. This experimental research project addresses this limitation by evaluating the deception capability of a public cloud and an on-premise deployment. Results from a 65-day, HoneyPLC experiment show that the on-premise deployment attracts more Denial of Service and Reconnaissance ICS attacks. The results guide future researchers that an on-premise deployment might be more convincing and attract more ICS-relevant interactions.","PeriodicalId":345607,"journal":{"name":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","volume":"1 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WFCS57264.2023.10144119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The Industrial Control System (ICS) industry faces an ever-growing number of cyber threats, defence against which can be strengthened using honeypots. Like the systems they mimic, ICS honeypots should be deployed in a context similar to that of field ICS systems. This ICS context demands a novel honeypot deployment process that is more consistent with real ICS systems. State-of-the-art ICS honeypots mainly focus on deployments in cloud environments, which could divulge their true intent to cautious adversaries. This experimental research project addresses this limitation by evaluating the deception capability of a public cloud deployment and an on-premise deployment. Results from a 65-day HoneyPLC experiment show that the on-premise deployment attracts more Denial of Service and Reconnaissance ICS attacks. The results suggest to future researchers that an on-premise deployment might be more convincing and attract more ICS-relevant interactions.