Industrial Control Systems Honeypot: A Formal Analysis of Conpot

Full Text (PDF, 995KB), PP.44-56


Author(s)

Sheetal Gokhale 1, Ashwini Dalvi 2,*, Irfan Siddavatam 1

1. K.J. Somaiya College of Engineering, Mumbai, India

2. Veermata Jijabai Technological Institute, Mumbai, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2020.06.04

Received: 2 Aug. 2020 / Revised: 5 Sep. 2022 / Accepted: 13 Sep. 2020 / Published: 8 Dec. 2020

Index Terms

Industrial Control System (ICS), Honeypot, Conpot, Coloured Petri Net, Formal method analysis, Cyber security

Abstract

The technologies used in industrial control systems (ICS) and the Smart Grid overlap. The most discussed attacks on ICSs are the Stuxnet and BlackEnergy malware. The anatomy of these attacks not only showed that ICS security is of prime concern but also called for a proactive approach to practising ICS security. Honeypots are used to implement defensive security measures. The Honeynet group released a honeypot for ICS, named Conpot, in 2013. Although Conpot is a low-interaction honeypot, it emulates processes of different cyber-physical systems, typically the Smart Grid. In the literature, the effectiveness of honeypot operations has been studied by challenging the limitations of existing setups or by proposing new variants. Similar approaches have been followed for Conpot evaluation. However, none of this work addressed a formal verification method to verify the engagement of a honeypot, which makes the presented work unique. In the proposed work, the Coloured Petri Net (CPN) tool is used for formal verification of Conpot. Variants of Conpot are modelled, including an initial state model, a deadlock state model and a livelock model. Further evaluation of these models, based on state space analysis results, confirmed that Conpot could lure an attacker by engaging him in an infinite loop, thereby limiting the attacker's scope for exploring and damaging real-time systems or services. However, in the deadlock state, the attacker's activity in Conpot is restricted and the attacker is unable to proceed further, because the Conpot model incorporates a deadlock loop.

Cite This Paper

Sheetal Gokhale, Ashwini Dalvi, Irfan Siddavatam, "Industrial Control Systems Honeypot: A Formal Analysis of Conpot", International Journal of Computer Network and Information Security (IJCNIS), Vol.12, No.6, pp.44-56, 2020. DOI: 10.5815/ijcnis.2020.06.04
