Creating Effective Industrial-Control-System Honeypots

Authors

  • Neil C. Rowe, U.S. Naval Postgraduate School
  • Thuy D. Nguyen, U.S. Naval Postgraduate School
  • Marian M. Kendrick, U.S. Naval Postgraduate School
  • Zaki A. Rucker, U.S. Naval Postgraduate School
  • Dahae Hyun, U.S. Naval Postgraduate School
  • Justin C. Brown, U.S. Naval Postgraduate School

DOI:

https://doi.org/10.33423/ajm.v20i2.3003

Keywords:

Management, industrial control systems, honeypots, testing, Conpot, GridPot, traffic, network protocols, deception

Abstract

Cyberattacks on industrial control systems (ICSs) can be especially damaging. Honeypots are valuable network-defense tools, but it is difficult to simulate the specialized protocols of ICSs. This research compared the performance of the Conpot and GridPot honeypot tools for simulating nodes on an electrical grid with live attacks. We evaluated their success by observing their activity patterns and by scanning them. GridPot received a higher rate of traffic than Conpot, and many visitors to both, as well as scanners, did not realize they were honeypots. This is good news for collecting useful attack intelligence with ICS honeypots.

Published

2020-08-18

How to Cite

Rowe, N. C., Nguyen, T. D., Kendrick, M. M., Rucker, Z. A., Hyun, D., & Brown, J. C. (2020). Creating Effective Industrial-Control-System Honeypots. American Journal of Management, 20(2). https://doi.org/10.33423/ajm.v20i2.3003

Section

Articles