
      Is Open Access

      ICS Threat Analysis Using a Large-Scale Honeynet

      proceedings-article
      3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015) (ICS-CSR)
      Industrial Control System & SCADA Cyber Security Research (ICS-CSR)
      17 - 18 September 2015
      industrial cyber security, honeypot

            Abstract

            A cyber security strategy for Industrial Control Systems (ICS) is typically based on the identified threats to a system. In order to obtain a better insight into the ICS-related threat landscape, we have deployed a large-scale, low-interaction honeypot system on the Internet and have analysed the interactions observed during 28-day long experiments. We describe the interaction results for a variety of industrial and non-industrial protocols, and we analyse the influence of industrial devices being listed on a device-oriented public search engine such as SHODAN. Finally, different combinations of these protocols are compared to determine their relative attractiveness to an external attacker.

            Content

            Author and article information

            Contributors
            Conference
            September 2015
            Pages: 20-30
            Affiliations
            [0001] KPMG AG, Zurich, Switzerland
            [0002] ABB Corporate Research, Baden, Switzerland
            [0003] Department of Computer Science, ETH Zurich, Switzerland
            Article
            10.14236/ewic/ICS2015.3
            © Serbanescu et al. Published by BCS Learning & Development Ltd. Proceedings of the 3rd International Symposium for ICS & SCADA Cyber Security Research 2015

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015), Germany, 17 - 18 September 2015
            Electronic Workshops in Computing (eWiC)

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICS2015.3
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction

