Abstract
A honeypot, as an active defense technology, can compensate for the low efficiency of detection systems against unknown threats and is of great significance for the safety of industrial control networks. At present, industrial control system (ICS) honeypots have many defects: they cannot support large-scale deployment while also offering high deceptiveness and a certain degree of interaction. To compensate for these defects, an improved honeypot scheme based on SNAP7 and IMUNES is proposed. The proposed honeypot can be deployed rapidly, and by using IMUNES and SNAP7 to rapidly construct a “shadow” system of the industrial control network, the system has the characteristics of light weight, high, strong deceptiveness and a certain degree of interaction. Because it is scalable, it is easy to connect the industrial control honeynet with a computer network.
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Ding, C., Zhai, J., Dai, Y. (2018). An Improved ICS Honeypot Based on SNAP7 and IMUNES. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11063. Springer, Cham. https://doi.org/10.1007/978-3-030-00006-6_27
DOI: https://doi.org/10.1007/978-3-030-00006-6_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00005-9
Online ISBN: 978-3-030-00006-6
eBook Packages: Computer Science (R0)