Honeypots for industrial control systems (ICS) are still at an early stage. While there are a number of implementations, to the team's knowledge none of them offers a high-interaction, cyber-physical integrated experience to deceive attackers, and none is therefore suitable for retaining attackers inside to conduct longitudinal attack analysis. Besides, logging on honeypot systems that supports analysis of attack vectors and threat intelligence has not yet been well studied or implemented.

This project tackles these challenges, working towards a practical, high-fidelity ICS honeypot in the smart grid domain that offers better realism from the attacker's perspective and effective logging features for security and threat analysis. In particular, the project utilizes ADSC's experience in smart grid security (e.g., a cyber-physical integrated smart grid honeypot prototype) and Custodio Technologies' expertise in cyber threat detection. By the end of the project, the team aims to bring the honeypot system to TRL 6.

The team has developed a comprehensive honeypot system with mechanisms such as high-fidelity virtual IEDs and PLCs as well as dummy SCADA traffic generators, which brought huge improvements in realism over previous honeypot versions. The realism offered by the honeypot, as well as its logging mechanisms, has been evaluated and improved iteratively from cyber attackers' perspective, through collaboration with cybersecurity experts from Custodio Technologies. This enables the honeypot to not only lure attackers but also retain them inside, so that intelligence can be collected about their behaviour and activities after they penetrate the infrastructure, instead of collecting network traffic only at the entry point.