HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems

Efrén López Morales, Carlos E. Rubio-Medrano, Adam Doupé, Ruoyu Wang, Yan Shoshitaishvili, Tiffany Bao, Gail Joon Ahn

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Industrial Control Systems (ICSs) provide management and control capabilities for mission-critical utilities such as the nuclear, power, water, and transportation grids. Within ICS, Programmable Logic Controllers (PLCs) play a key role as they serve as a convenient bridge between the cyber and the physical worlds, e.g., controlling centrifuge machines in nuclear power plants. Recently, ICS and PLCs have been the target of sophisticated cyberattacks designed to disrupt their operation. In this context, honeypots have been shown to be highly valuable tools for collecting real data, e.g., malware payload, to better understand the many different strategies that attackers use. However, existing state-of-the-art honeypots for PLCs lack sophisticated service simulations that are required to obtain valuable data and cannot adapt, while malware keeps evolving. This chapter presents HoneyPLC, a high-interaction, extensible, and malware-collecting honeypot supporting a broad spectrum of PLC models and vendors. Experimental results show that HoneyPLC exhibits a high level of camouflaging: it is identified as real devices by multiple widely used reconnaissance tools, and it is also able to record a large amount of interesting interactions over the Internet, showing that HoneyPLC can effectively engage and deceive attackers while collecting data samples for future analysis.

Original languageEnglish (US)
Title of host publicationAdvances in Information Security
PublisherSpringer
Pages145-181
Number of pages37
DOIs
StatePublished - 2023

Publication series

NameAdvances in Information Security
Volume89
ISSN (Print)1568-2633
ISSN (Electronic)2512-2193

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'HoneyPLC: A Next-Generation Honeypot for Industrial Control Systems'. Together they form a unique fingerprint.

Cite this