Abstract

An Industrial Control System (ICS) is an integration of hardware and software with a sophisticated network connection that supports instrumentation in industry. These systems are weak and easily exploited by an attacker because of their simple architecture, which uses low processing power and memory. In recent years, cyber-attacks on ICS have become very vigorous and cause a high amount of damage in terms of cost and time. It is difficult to protect ICS from malicious activity because its components cannot take updates or patches due to their simple architecture. Certainly, we can prevent those attacks by detecting any malicious activity by the intruder using defense techniques such as an Intrusion Detection System (IDS). Honeypots are useful in such scenarios: they are subtle traps configured to detect any unauthorized access to a legitimate system, with the intention of learning the behavior of a hacker and their activity in order to mitigate the risk of loss. Traditionally, we have network-based defense and detection techniques such as IDS, Intrusion Prevention System (IPS), firewalls and some encryption techniques; however, these systems are not as intelligent as honeypots. A honeypot has the power to capture data, the aptness to log, create alerts and detect everything the intruder is doing in the system. Researchers are finding new ways to trap attackers using honeypots in order to secure ICS, not only defending ICS but also disturbing the attacker using their “Camouflage Net”, which is a reconfigurable honeypot. There is a need for a preventive measure that provides an early detection and alert mechanism for ICS and multi-stage attack detection using honeypots that generate signatures to unveil any invader in the ICS. Improved configurable honeypots based on SNAP7 and IMUNES are configured and deployed rapidly in the ICS.
Supervisory Control and Data Acquisition (SCADA) systems are another type of ICS. SCADA honeypots such as Conpot detect not only outside attacks but also any malicious tampering within the network. With the intention of securing ICS, this chapter focuses on threat detection using reliable and confined honeypots to evaluate and analyze the dilemma of ICS security. The foremost focus of this chapter is a comparison of the different preventive measures offered by low-interaction and high-interaction honeypots, together with certain tools and methodologies that help in intercepting any tampering activity.
