ICSvertase: A Framework for Purpose-based Design and Classification of ICS Honeypots

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

1 Citaat (Scopus)

Samenvatting

As attacks on Industrial Control Systems (ICS) are increasing, the design and deployment of ICS honeypots is gaining momentum as a way to prevent, detect, and research them. However, ICS honeypot creators hardly explicitly consider what adversary behavior they want to capture, potentially creating honeypots that may not completely fulfill their intended purpose. At the same time, ICS honeypots are classified using the traditional interaction level scheme which is unsuitable for ICS due to its unique properties. In turn, these issues make it hard for potential users to systematically determine the suitability of an ICS honeypot for their use case. To tackle these problems, in this paper we introduce ICSvertase, a novel framework allowing for structural reasoning about ICS honeypots. ICSvertase integrates several existing components from the ATT&CK for ICS and Engage frameworks provided by MITRE and extends them with novel elements. ICSvertase provides a novel approach to helping companies and users in several real-world use cases, such as choosing the most suitable existing ICS honeypot, designing new ICS honeypots, and classifying existing ones in a more fine-grained way. To show ICSvertase’s benefits, we provide examples for these real-world use cases and compare them to their traditional counterparts.
Originele taal-2Engels
TitelARES 2023 - 18th International Conference on Availability, Reliability and Security, Proceedings
UitgeverijAssociation for Computing Machinery, Inc
Hoofdstuk114
Pagina's114:1-114:10
Aantal pagina's10
ISBN van elektronische versie979-8-4007-0772-8
DOI's
StatusGepubliceerd - 29 aug. 2023
Evenement18th International Conference on Availability, Reliability and Security, ARES 2023 - Benevento, Italië
Duur: 29 aug. 20231 sep. 2023
Congresnummer: 18

Publicatie series

NaamACM International Conference Proceeding Series

Congres

Congres18th International Conference on Availability, Reliability and Security, ARES 2023
Verkorte titelARES 2023
Land/RegioItalië
StadBenevento
Periode29/08/231/09/23

Vingerafdruk

Duik in de onderzoeksthema's van 'ICSvertase: A Framework for Purpose-based Design and Classification of ICS Honeypots'. Samen vormen ze een unieke vingerafdruk.

Citeer dit