Multi-stage Attack Detection and Signature Generation with ICS Honeypots

Vasilomanolakis, Emmanouil and Srinivasa, Shreyas and Cordero, Carlos Garcia and Mühlhäuser, Max (2016):
Multi-stage Attack Detection and Signature Generation with ICS Honeypots.
In: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), IEEE, ISBN 978-1-5090-0223-8,
DOI: 10.1109/NOMS.2016.7502992,
[Conference or Workshop Item]

Abstract

New attack surfaces are emerging with the rise of Industrial Control System (ICS) devices exposed on the Internet. ICS devices must be protected in a holistic and efficient manner, especially when they support critical infrastructure. Taking this issue into account, cyber-security research has recently focused on providing early detection and warning mechanisms for ICSs. In this paper we present a novel honeypot capable of detecting multi-stage attacks targeting ICS networks. Upon detecting a multi-stage attack, our honeypot can generate signatures so that misuse Intrusion Detection Systems (IDSs) can subsequently thwart attacks of the same type. Our experimental results indicate that our honeypot and the signatures it generates provide good detection accuracy and that the Bro IDS can successfully use the signatures to prevent future attacks.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Vasilomanolakis, Emmanouil and Srinivasa, Shreyas and Cordero, Carlos Garcia and Mühlhäuser, Max
Title: Multi-stage Attack Detection and Signature Generation with ICS Honeypots
Language: German
Title of Book: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Publisher: IEEE
ISBN: 978-1-5090-0223-8
Uncontrolled Keywords: - SSI - Area Secure Smart Infrastructures;Secure Services
Divisions: 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/NOMS.2016.7502992
Identification Number: TUD-CS-2016-0033