Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks
Abstract
A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, an established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an anomaly behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% ofmore »
- Authors:
-
- Idaho National Lab. (INL), Idaho Falls, ID (United States)
- Publication Date:
- Research Org.:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 1136315
- Report Number(s):
- INL/JOU-14-32392
Journal ID: ISSN 1551-3203; TRN: US1500453
- Grant/Contract Number:
- AC07-05ID14517
- Resource Type:
- Accepted Manuscript
- Journal Name:
- IEEE Transactions on Industrial Informatics
- Additional Journal Information:
- Journal Volume: 10; Journal Issue: 2; Journal ID: ISSN 1551-3203
- Publisher:
- IEEE
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 97 MATHEMATICS AND COMPUTING; INDUSTRIAL CONTROL NETWORKS; VIRTUAL HOSTS
Citation Formats
Vollmer, Todd, and Manic, Milos. Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks. United States: N. p., 2014.
Web. doi:10.1109/TII.2014.2304633.
Vollmer, Todd, & Manic, Milos. Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks. United States. https://doi.org/10.1109/TII.2014.2304633
Vollmer, Todd, and Manic, Milos. Thu .
"Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks". United States. https://doi.org/10.1109/TII.2014.2304633. https://www.osti.gov/servlets/purl/1136315.
@article{osti_1136315,
title = {Cyber-Physical System Security With Deceptive Virtual Hosts for Industrial Control Networks},
author = {Vollmer, Todd and Manic, Milos},
abstractNote = {A challenge facing industrial control network administrators is protecting the typically large number of connected assets for which they are responsible. These cyber devices may be tightly coupled with the physical processes they control and human induced failures risk dire real-world consequences. Dynamic virtual honeypots are effective tools for observing and attracting network intruder activity. This paper presents a design and implementation for self-configuring honeypots that passively examine control system network traffic and actively adapt to the observed environment. In contrast to prior work in the field, six tools were analyzed for suitability of network entity information gathering. Ettercap, an established network security tool not commonly used in this capacity, outperformed the other tools and was chosen for implementation. Utilizing Ettercap XML output, a novel four-step algorithm was developed for autonomous creation and update of a Honeyd configuration. This algorithm was tested on an existing small campus grid and sensor network by execution of a collaborative usage scenario. Automatically created virtual hosts were deployed in concert with an anomaly behavior (AB) system in an attack scenario. Virtual hosts were automatically configured with unique emulated network stack behaviors for 92% of the targeted devices. The AB system alerted on 100% of the monitored emulated devices.},
doi = {10.1109/TII.2014.2304633},
journal = {IEEE Transactions on Industrial Informatics},
number = 2,
volume = 10,
place = {United States},
year = {Thu May 01 00:00:00 EDT 2014},
month = {Thu May 01 00:00:00 EDT 2014}
}
Web of Science
Works referencing / citing this record:
Security Attacks in Wireless Sensor Networks: A Survey
book, January 2018
- Dewal, Prachi; Narula, Gagandeep Singh; Jain, Vishal
- Advances in Intelligent Systems and Computing
Research on information security system of waste terminal disposal process
journal, May 2017
- Zhou, Chao; Wang, Ziying; Guo, Jing
- IOP Conference Series: Earth and Environmental Science, Vol. 64
Cyber Physical System (CPS)-Based Industry 4.0: A Survey
journal, September 2017
- Lu, Yang
- Journal of Industrial Integration and Management, Vol. 02, Issue 03