Vasilomanolakis, Emmanouil ; Srinivasa, Shreyas ; Garcia Cordero, Carlos ; Mühlhäuser, Max (2016)
Multi-stage Attack Detection and Signature Generation with ICS Honeypots.
doi: 10.1109/NOMS.2016.7502992
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
New attack surfaces are emerging with the rise of Industrial Control System (ICS) devices exposed on the Internet. ICS devices must be protected in a holistic and efficient manner; especially when these are supporting critical infrastructure. Taking this issue into account, cyber-security research is recently being focused on providing early detection and warning mechanisms for ICSs. In this paper we present a novel honeypot capable of detecting multi-stage attacks targeting ICS networks. Upon detecting a multi-stage attack, our honeypot can generate signatures so that misuse Intrusion Detection Systems (IDSs) can subsequently thwart attacks of the same type. Our experimental results indicate that our honeypot and the signatures it generates provide good detection accuracy and that the Bro IDS can successfully use the signatures to prevent future attacks.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Autor(en): | Vasilomanolakis, Emmanouil ; Srinivasa, Shreyas ; Garcia Cordero, Carlos ; Mühlhäuser, Max |
| Art des Eintrags: | Bibliographie |
| Titel: | Multi-stage Attack Detection and Signature Generation with ICS Honeypots |
| Sprache: | Deutsch |
| Publikationsjahr: | April 2016 |
| Verlag: | IEEE |
| Buchtitel: | IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT) |
| DOI: | 10.1109/NOMS.2016.7502992 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | New attack surfaces are emerging with the rise of Industrial Control System (ICS) devices exposed on the Internet. ICS devices must be protected in a holistic and efficient manner; especially when these are supporting critical infrastructure. Taking this issue into account, cyber-security research is recently being focused on providing early detection and warning mechanisms for ICSs. In this paper we present a novel honeypot capable of detecting multi-stage attacks targeting ICS networks. Upon detecting a multi-stage attack, our honeypot can generate signatures so that misuse Intrusion Detection Systems (IDSs) can subsequently thwart attacks of the same type. Our experimental results indicate that our honeypot and the signatures it generates provide good detection accuracy and that the Bro IDS can successfully use the signatures to prevent future attacks. |
| Freie Schlagworte: | - SSI - Area Secure Smart Infrastructures;Secure Services |
| ID-Nummer: | TUD-CS-2016-0033 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 31 Dez 2016 12:59 |
| Letzte Änderung: | 14 Jun 2021 06:14 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum