云中的假PLC，我们以为攻击者相信:ICS蜜罐骗局如何受到云部署的影响?

2023 IEEE 19th International Conference on Factory Communication Systems (WFCS) Pub Date : 2023-04-26 DOI:10.1109/WFCS57264.2023.10144119

Stanislava Ivanova, N. Moradpoor

{"title":"云中的假PLC，我们以为攻击者相信:ICS蜜罐骗局如何受到云部署的影响?","authors":"Stanislava Ivanova, N. Moradpoor","doi":"10.1109/WFCS57264.2023.10144119","DOIUrl":null,"url":null,"abstract":"The Industrial Control System (ICS) industry faces an ever-growing number of cyber threats - defence against which can be strengthened using honeypots. As the systems they mimic, ICS honeypots shall be deployed in a similar context to field ICS systems. This ICS context demands a novel honeypot deployment process, that is more consistent with real ICS systems. State-of-the-art ICS honeypots mainly focus on deployments in cloud environments which could divulge the true intent to cautious adversaries. This experimental research project addresses this limitation by evaluating the deception capability of a public cloud and an on-premise deployment. Results from a 65-day, HoneyPLC experiment show that the on-premise deployment attracts more Denial of Service and Reconnaissance ICS attacks. The results guide future researchers that an on-premise deployment might be more convincing and attract more ICS-relevant interactions.","PeriodicalId":345607,"journal":{"name":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","volume":"1 4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Fake PLC in the Cloud, We Thought the Attackers Believed that: How ICS Honeypot Deception Gets Impacted by Cloud Deployments?\",\"authors\":\"Stanislava Ivanova, N. Moradpoor\",\"doi\":\"10.1109/WFCS57264.2023.10144119\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Industrial Control System (ICS) industry faces an ever-growing number of cyber threats - defence against which can be strengthened using honeypots. As the systems they mimic, ICS honeypots shall be deployed in a similar context to field ICS systems. This ICS context demands a novel honeypot deployment process, that is more consistent with real ICS systems. State-of-the-art ICS honeypots mainly focus on deployments in cloud environments which could divulge the true intent to cautious adversaries. This experimental research project addresses this limitation by evaluating the deception capability of a public cloud and an on-premise deployment. Results from a 65-day, HoneyPLC experiment show that the on-premise deployment attracts more Denial of Service and Reconnaissance ICS attacks. The results guide future researchers that an on-premise deployment might be more convincing and attract more ICS-relevant interactions.\",\"PeriodicalId\":345607,\"journal\":{\"name\":\"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)\",\"volume\":\"1 4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WFCS57264.2023.10144119\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WFCS57264.2023.10144119","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

工业控制系统(ICS)行业面临着越来越多的网络威胁，可以使用蜜罐来加强防御。作为模拟的系统，ICS蜜罐应该部署在与现场ICS系统相似的环境中。这种ICS环境需要一种新的蜜罐部署过程，它与实际的ICS系统更加一致。最先进的ICS蜜罐主要集中在云环境中的部署，这可能会向谨慎的对手泄露真实意图。本实验研究项目通过评估公共云和内部部署的欺骗能力来解决这一限制。为期65天的HoneyPLC实验结果表明，内部部署吸引了更多的拒绝服务和侦察ICS攻击。研究结果指导未来的研究人员，内部部署可能更有说服力，并吸引更多与ics相关的交互。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Fake PLC in the Cloud, We Thought the Attackers Believed that: How ICS Honeypot Deception Gets Impacted by Cloud Deployments?

The Industrial Control System (ICS) industry faces an ever-growing number of cyber threats - defence against which can be strengthened using honeypots. As the systems they mimic, ICS honeypots shall be deployed in a similar context to field ICS systems. This ICS context demands a novel honeypot deployment process, that is more consistent with real ICS systems. State-of-the-art ICS honeypots mainly focus on deployments in cloud environments which could divulge the true intent to cautious adversaries. This experimental research project addresses this limitation by evaluating the deception capability of a public cloud and an on-premise deployment. Results from a 65-day, HoneyPLC experiment show that the on-premise deployment attracts more Denial of Service and Reconnaissance ICS attacks. The results guide future researchers that an on-premise deployment might be more convincing and attract more ICS-relevant interactions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 IEEE 19th International Conference on Factory Communication Systems (WFCS)

自引率

0.00%

发文量