Characterizing Background Noise in ICS Traffic Through a Set of Low Interaction Honeypots

Ferretti, Pietro; Pogliani, Marcello; Zanero, Stefano

doi:10.1145/3338499.3357361

Cited by 18 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1,2 Such scan results can be used to asses the security of ICS in individual countries. 12 ICS scans are dominated by few recurrent scanners 13 and captured within few days by honeypot deployments. 1 Mirian et al 2 measured the increase of open ICS services of up to 20 % in 4 months.…”

Section: A Glimpse Into Ics Protocol Securitymentioning

confidence: 99%

Industrial control protocols in the Internet core: Dismantling operational practices

2021

View full text Add to dashboard Cite

Industrial control systems (ICS) are managed remotely with the help of dedicated protocols that were originally designed to work in walled gardens. Many of these protocols have been adapted to Internet transport and support wide-area communication. ICS now exchange insecure traffic on an inter-domain level, putting at risk not only common critical infrastructure but also the Internet ecosystem (e.g., by DRDoS attacks). In this paper, we measure and analyze inter-domain ICS traffic at two central Internet vantage points, an IXP and an ISP. These traffic observations are correlated with data from honeypots and Internet-wide scans to separate industrial from non-industrial ICS traffic. We uncover mainly unprotected inter-domain ICS traffic and provide an in-depth view on Internet-wide ICS communication. Our results can be used (i) to create precise filters for potentially harmful non-industrial ICS traffic and (ii) to detect ICS sending unprotected inter-domain ICS traffic, being vulnerable to eavesdropping and traffic manipulation attacks. Additionally, we survey recent security extensions of ICS protocols, of which we find very little deployment. We estimate an upper bound of the deployment status for ICS security protocols in the Internet core.

show abstract

Section: A Glimpse Into Ics Protocol Securitymentioning

confidence: 99%

Industrial control protocols in the Internet core: Dismantling operational practices

2021

View full text Add to dashboard Cite

show abstract

“…Ferretti et al [120] aimed to analyze the scanning traffic on the Internet that is targeting ICS. To analyze the scanners and their behaviors, the authors deployed several low interaction Conpot honeypots.…”

Section: Cao Et Al Proposed a Distributed Ics Honeypot Calledmentioning

confidence: 99%

“…We believe that IP address lookup for the traffic sources can provide information on the benign origins of the decoy traffic. In addition, analysis of Ferretti et al [120] on the scanning patterns of legitimate scanners such as Shodan can give clues to researchers on discriminating legitimate traffic.…”

Section: Machine Learningmentioning

confidence: 99%

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Franco¹,

Arış²,

Canberk³

et al. 2021

Preprint

View full text Add to dashboard Cite

The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems -IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It provides a taxonomy and extensive analysis of the existing honeypots and honeynets, states key design factors for the state-of-the-art honeypot/honeynet research and outlines open issues for future honeypots and honeynets for IoT, IIoT, and CPS environments.

show abstract

“…It is Ferretti and colleagues' objective [19] to analyze the Internet scanning traffic that is aiming at ICS in order to find out. Several low interaction Conpot honeypots were analyzed by the authors in order to study the scanning behavior of the scanners.…”

Section: More Iot Honeypotsmentioning

confidence: 99%

Honeypots for Internet of Things Research: An Effective Mitigation Tool

En¹,

Liu²,

Hao³

2021

Preprint

View full text Add to dashboard Cite

In recent years, due to their frequent use and widespread use, IoT (Internet of Things) devices have become an attractive target for hackers. As a result of their limited network resources and complex operating systems, they are vulnerable to attacks. Using a honeypot can, therefore, be a very effective way of detecting malicious requests and capturing samples of exploits. The purpose of this article is to introduce honeypots, the rise of IoT devices, and how they can be exploited by attackers. Various honeypot ecosystems will be investigated further for capturing and analyzing information from attacks against these IoT devices. As well as how to leverage proactive strategies in terms of IoT security, it will provide insights on the attack vectors present in most IoT systems, along with understanding attack patterns.

show abstract

Characterizing Background Noise in ICS Traffic Through a Set of Low Interaction Honeypots

Cited by 18 publications

References 11 publications

Industrial control protocols in the Internet core: Dismantling operational practices

Industrial control protocols in the Internet core: Dismantling operational practices

A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems

Honeypots for Internet of Things Research: An Effective Mitigation Tool

Contact Info

Product

Resources

About