These aren’t the PLCs you’re looking for : Obfuscating PLCs to mimic Honeypots

Maesschalck, Sam and Fantom, Will and Giotsas, Vasileios and Race, Nicholas (2024) These aren’t the PLCs you’re looking for : Obfuscating PLCs to mimic Honeypots. IEEE Transactions on Network and Service Management, 21 (3). pp. 3623-3635. ISSN 1932-4537

[thumbnail of TNSM3361915]
Text (TNSM3361915)
TNSM3361915.pdf - Accepted Version
Available under License Creative Commons Attribution.

Download (3MB)

Abstract

Industry 4.0 and the trend of connecting legacy Industrial Control Systems (ICSs) to public networks have exposed these systems to various online threats. To combat these threats, honeypots have been widely used to provide proactive monitoring, detection and deception security capabilities. However, skilled attackers are now adept at fingerprinting and avoiding honeypots. Therefore, we take a fundamentally different approach in this paper. Instead of the honeypot representing a real system, we deploy it as a deterrent. Through obfuscation, the aim is to make an attacker believe the real system is a honeypot and collect threat intelligence data on the attacker. To achieve this, we introduce a new obfuscation technique that allows real ICSs to present themselves as honeypots. By taking advantage of honeypot fingerprinting techniques, we are able to deter attackers from interacting with the real Programmable Logic Controller (PLC) within the industrial network. The approach is implemented and evaluated using different penetration testing tools and an expert evaluation highlighting the benefits of obfuscation in that potential adversaries would be misled into assuming the PLC is a honeypot.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Network and Service Management
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/1700/1705
Subjects:
?? control systemshoneypotsicsindustrial control systemsindustrial controlintegrated circuitsmonitoringplcprogrammable logic controllersprotocolssecuritysoftware defined networkingsoftware-defined networkingcomputer networks and communicationselectrical and ??
ID Code:
213886
Deposited By:
Deposited On:
01 Feb 2024 14:25
Refereed?:
Yes
Published?:
Published
Last Modified:
20 Nov 2024 01:55