{"title":"The Case for Virtual PLC-enabled Honeypot Design","authors":"S. Y. Chowdhury, Brandon Dudley, Ruimin Sun","doi":"10.1109/EuroSPW59978.2023.00044","DOIUrl":null,"url":null,"abstract":"Programmable logic controllers (PLCs) are essential components of Industrial Control System (ICS) in acting as a practical link between the cyber and physical worlds. In recent years, we have seen an increase in attacks targeting PLCs. Honeypot for PLCs, as an effective technique to gather attacker information and attack tactics, is limited in vendor-specific implementation, configuration, extensibility, and scalability. With the emergence of virtual PLCs, this paper introduces a honeypot, named PLCHoney, to overcome the existing challenges in a cost-effective approach. We designed and implemented PLCHoney with a proxy profiler, dockerized virtual PLCs, a physical process simulator, and a security analysis engine. PLCHoney was able to correctly simulate responses to various internet requests and tested effectively on a network of virtualized traffic light applications. We enabled further security analysis with a dataset containing PLC I/O status, collected with and without attacks. 
We envision that PLCHoney paves the avenue for the future development of PLC-based honeypots.","PeriodicalId":220415,"journal":{"name":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW59978.2023.00044","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Programmable logic controllers (PLCs) are essential components of Industrial Control System (ICS) in acting as a practical link between the cyber and physical worlds. In recent years, we have seen an increase in attacks targeting PLCs. Honeypot for PLCs, as an effective technique to gather attacker information and attack tactics, is limited in vendor-specific implementation, configuration, extensibility, and scalability. With the emergence of virtual PLCs, this paper introduces a honeypot, named PLCHoney, to overcome the existing challenges in a cost-effective approach. We designed and implemented PLCHoney with a proxy profiler, dockerized virtual PLCs, a physical process simulator, and a security analysis engine. PLCHoney was able to correctly simulate responses to various internet requests and tested effectively on a network of virtualized traffic light applications. We enabled further security analysis with a dataset containing PLC I/O status, collected with and without attacks. We envision that PLCHoney paves the avenue for the future development of PLC-based honeypots.