Skip to Main content Skip to Navigation
New interface
Conference papers

A Symbolic Honeynet Framework for SCADA System Threat Intelligence

Abstract : Current SCADA honeypot technologies present attackers with static or pseudo-random data, and are unlikely to entice attackers to use high value or zero-day attacks. This chapter presents a symbolic cyberphysical honeynet framework that addresses the problem, enhances the screening and coalescence of attack events for analysis, provides attack introspection down to the physics level of a SCADA system and enables forensic replays of attacks. The work extends honeynet methodologies with integrated physics simulation and anomaly detection utilizing a symbolic data flow model of system physics. Attacks that trigger anomalies in the physics of a system are captured and organized via a coalescing algorithm for efficient analysis. Experimental results are presented to demonstrate the effectiveness of the approach.
Document type :
Conference papers
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, January 10, 2017 - 2:56:26 PM
Last modification on : Friday, May 21, 2021 - 6:38:02 PM
Long-term archiving on: : Tuesday, April 11, 2017 - 3:18:50 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Owen Redwood, Joshua Lawrence, Mike Burmester. A Symbolic Honeynet Framework for SCADA System Threat Intelligence. 9th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2015, Arlington, VA, United States. pp.103-118, ⟨10.1007/978-3-319-26567-4_7⟩. ⟨hal-01431016⟩



Record views


Files downloads