Constructing Cost-Effective and Targetable ICS Honeypots Suited for Production Networks

Author

Michael M. Winn

Date of Award

3-26-2015

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Mason J. Rice, PhD.

Abstract

Honeypots are a technique that can mitigate the risk of cyber threats. Effective honeypots are authentic and targetable, and their design and implementation must accommodate risk tolerance and financial constraints. The proprietary, and often expensive, hardware and software used by Industrial Control System (ICS) devices creates the challenging problem of building a flexible, economical, and scalable honeypot. This research extends Honeyd into Honeyd+, making it possible to use the proxy feature to create multiple high interaction honeypots with a single Programmable Logic Controller (PLC). Honeyd+ is tested with a network of 75 decoy PLCs, and the interactions with the decoys are compared to a physical PLC to test for authenticity. The performance test evaluates the impact of multiple simultaneous connections to the PLC. The functional test is successful in all cases. The performance test demonstrated that the PLC is a limiting factor, and that introducing Honeyd+ has a marginal impact on performance. Notable findings are that the Raspberry Pi is the preferred hosting platform, and more than five simultaneous connections were not optimal.

AFIT Designator

AFIT-ENG-MS-15-M-045

DTIC Accession Number

ADA615223

Recommended Citation

Winn, Michael M., "Constructing Cost-Effective and Targetable ICS Honeypots Suited for Production Networks" (2015). Theses and Dissertations. 71.
https://scholar.afit.edu/etd/71