Abstract
Current SCADA honeypot technologies present attackers with static or pseudo-random data, and are unlikely to entice attackers to use high value or zero-day attacks. This chapter presents a symbolic cyberphysical honeynet framework that addresses the problem, enhances the screening and coalescence of attack events for analysis, provides attack introspection down to the physics level of a SCADA system and enables forensic replays of attacks. The work extends honeynet methodologies with integrated physics simulation and anomaly detection utilizing a symbolic data flow model of system physics. Attacks that trigger anomalies in the physics of a system are captured and organized via a coalescing algorithm for efficient analysis. Experimental results are presented to demonstrate the effectiveness of the approach.
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Redwood, O., Lawrence, J., Burmester, M. (2015). A Symbolic Honeynet Framework for SCADA System Threat Intelligence. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection IX. ICCIP 2015. IFIP Advances in Information and Communication Technology, vol 466. Springer, Cham. https://doi.org/10.1007/978-3-319-26567-4_7
DOI: https://doi.org/10.1007/978-3-319-26567-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26566-7
Online ISBN: 978-3-319-26567-4
eBook Packages: Computer Science, Computer Science (R0)