File:IDENTIFYING HONEYPOTS SIMULATING INTERNET-CONNECTED INDUSTRIAL-CONTROL SYSTEM DEVICES (IA identifyinghoney1094563438).pdf
Original file (1,275 × 1,650 pixels, file size: 709 KB, MIME type: application/pdf, 86 pages)
Captions
Summary[edit]
IDENTIFYING HONEYPOTS SIMULATING INTERNET-CONNECTED INDUSTRIAL-CONTROL SYSTEM DEVICES ( ) | |
---|---|
Author |
Brown, Justin C. |
Title |
IDENTIFYING HONEYPOTS SIMULATING INTERNET-CONNECTED INDUSTRIAL-CONTROL SYSTEM DEVICES |
Publisher |
Monterey, CA; Naval Postgraduate School |
Description |
Heuristic analysis can reveal honeypots (decoy computer systems doing intelligence gathering) among Internet-connected industrial-control sites. Detectability of honeypots is undesirable, as it enables a careful adversary to avoid them, thus inhibiting valuable intelligence. However, counting honeypots is crucial to cyber-security policy and planning activities. Using a data set that includes industrial-control sites and industrial-control honeypots on the public Internet, we tested three heuristics for their ability to detect instances of the Conpot honeypot. The heuristics searched for sites containing keywords from Conpot, for services on combinations of port numbers matching Conpot, and for industrial-control sites located in a public cloud service provider. Performance of each heuristic was tested by manual inspection of data returned by hosts to Shodan's probes, which we used to assess each host's status as an instance of Conpot or not. Testing showed mixed success of the three heuristics, highlighting presence of honeypots simulating Siemens STEP 7 devices. We also tested Honeyscore, a commercial product which tries to identify honeypots, and found it had good success but was not perfect. We show that no single tool detected all honeypots, and that multiple tools can be complementary. Suggestions are offered for increasing detection rates, as well as potential additional heuristics to test. Subjects: honeypot; cybersecurity; cyber-deception; industrial-control |
Language | English |
Publication date | September 2019 |
Current location |
IA Collections: navalpostgraduateschoollibrary; fedlink |
Accession number |
identifyinghoney1094563438 |
Source | |
Permission (Reusing this file) |
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. |
Licensing[edit]
Public domainPublic domainfalsefalse |
This work is in the public domain in the United States because it is a work prepared by an officer or employee of the United States Government as part of that person’s official duties under the terms of Title 17, Chapter 1, Section 105 of the US Code.
Note: This only applies to original works of the Federal Government and not to the work of any individual U.S. state, territory, commonwealth, county, municipality, or any other subdivision. This template also does not apply to postage stamp designs published by the United States Postal Service since 1978. (See § 313.6(C)(1) of Compendium of U.S. Copyright Office Practices). It also does not apply to certain US coins; see The US Mint Terms of Use.
|
||
This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights. |
https://creativecommons.org/publicdomain/mark/1.0/PDMCreative Commons Public Domain Mark 1.0falsefalse
File history
Click on a date/time to view the file as it appeared at that time.
Date/Time | Thumbnail | Dimensions | User | Comment | |
---|---|---|---|---|---|
current | 21:28, 21 July 2020 | 1,275 × 1,650, 86 pages (709 KB) | Fæ (talk | contribs) | FEDLINK - United States Federal Collection identifyinghoney1094563438 (User talk:Fæ/IA books#Fork8) (batch 1993-2020 #18116) |
You cannot overwrite this file.
File usage on Commons
The following page uses this file:
Metadata
This file contains additional information such as Exif metadata which may have been added by the digital camera, scanner, or software program used to create or digitize it. If the file has been modified from its original state, some details such as the timestamp may not fully reflect those of the original file. The timestamp is only as accurate as the clock in the camera, and it may be completely wrong.
Short title | IDENTIFYING HONEYPOTS SIMULATING INTERNET-CONNECTED INDUSTRIAL-CONTROL SYSTEM DEVICES |
---|---|
Image title | |
Author | Brown, Justin C. |
Software used | Brown, Justin C. |
Conversion program | Adobe Acrobat Pro 11.0.23 |
Encrypted | no |
Page size | 612 x 792 pts (letter) |
Version of PDF format | 1.4 |