Attacks on industrial control systems and critical infrastructure assets are on the rise. These systems are at risk due to outdated technology and ad hoc security measures. As a result, honeypots are often deployed to collect information about malicious intrusions and exploitation techniques. While virtual honeypots mitigate the excessive cost of hardware-replicated honeypots, they often suffer from a lack of authenticity. In addition, honeypots utilizing a proxy to a live programmable logic controller suffer from performance bottlenecks and limited scalability. This chapter describes an enhanced, application layer emulator that addresses both limitations. The emulator combines protocol-agnostic replay with dynamic updating via a proxy to produce a device that is easily integrated into existing honeypot frameworks.
Girtz, K., Mullins, B., Rice, M., & Lopez, J. (2016). Practical application layer emulation in industrial control system honeypots. In IFIP Advances in Information and Communication Technology (Vol. 485, pp. 83–98). Springer New York LLC. https://doi.org/10.1007/978-3-319-48737-3_5