Abstract

Industrial Control Systems (ICS) are widely used in industrial processes such as power grids, water conservancy, natural gas, petrochemicals and so on. More and more cyber attacks are targeting ICS worldwide. This paper presents a novel honeynet-based epidemic model for the ICS network. The honeynet is an active approach that can attract malware attacks and provide sample information and an immunization strategy for the malware. An epidemic model with immunization and quarantine in the ICS network is formulated to explore the dynamics of malware propagation, and the honeynet potency is analyzed as well. Theoretical analysis reveals the disease-free and endemic equilibria of our model; the local and global stability of the disease-free (endemic) equilibrium are then examined using the basic reproduction number. Furthermore, numerical experiments show that a honeypot with more system vulnerabilities is conducive to suppressing the malware epidemic, and that a honeynet with a lower average degree power law index can be more effective. In addition, simulation experiments show the actual behavior of malware propagation in the ICS network and verify our derivations.

Highlights

  • Introduction, A. Motivation: With the deep application of Industrial Control Systems (ICS), ICS network security plays an increasingly important role

  • Paper organization: Inspired by the works mentioned above, we propose an epidemic model in the Industrial Control Systems (ICS) network to study the interplay between malware epidemics and honeynet potency

  • Theoretical analysis has revealed the relations between disease epidemics and honeynet potency


Summary

Introduction

A. MOTIVATION

With the deep application of Industrial Control Systems (ICS), ICS network security plays an increasingly important role. A growing number of cybersecurity incidents indicate that ICS is becoming increasingly susceptible to sophisticated and targeted attacks, and malware plays an important role in the attacks against ICS. Due to the weak network security awareness of the ICS and the extremely high requirements for real-time operation, reliability and continuity of the industrial control business, ICS security products cannot be deployed and used at large scale at this. Many cyber-attacks against ICS networks have broken out, such as Modbus Stager [2], PLC Blaster [3], Duqu [4] and so on. PLC Blaster can scan the ICS network for new targets, attack the PLCs, and replicate itself in the compromised PLCs [3].
