Framework for Industrial Control System Honeypot Network Traffic Generation

Author

Htein A. Lin

Date of Award

3-23-2017

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Barry E. Mullins, PhD.

Abstract

Defending critical infrastructure assets is an important but extremely difficult and expensive task. Historically, decoys have been used very effectively to distract attackers and in some cases convince an attacker to reveal their attack strategy. Several researchers have proposed the use of honeypots to protect programmable logic controllers, specifically those used to support critical infrastructure. However, most of these honeypot designs are static systems that wait for a would-be attacker. To be effective, honeypot decoys need to be as realistic as possible. This paper introduces a proof-of-concept honeypot network traffic generator that mimics genuine control systems. Experiments are conducted using a Siemens APOGEE building automation system for single and dual subnet instantiations. Results indicate that the proposed traffic generator is capable of honeypot integration, traffic matching and routing within the decoy building automation network.

AFIT Designator

AFIT-ENG-MS-17-M-046

DTIC Accession Number

AD1054692

Recommended Citation

Lin, Htein A., "Framework for Industrial Control System Honeypot Network Traffic Generation" (2017). Theses and Dissertations. 1585.
https://scholar.afit.edu/etd/1585