Abstract
Deception has been used with notable successes and failures, both offensively and defensively, in military, civilian, and personal operations for millennia. Deception for defensive use in the cyber-domain has, however, seen limited use beyond honeypots and mirages, particularly in the context of industrial control systems (ICS). In this chapter, we explore the application of deception to the defense of networked computer systems and apply recent learnings from deception in traditional systems and networks to those employed for industrial control.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Soule, N., Pal, P. (2019). Beyond Mirages: Deception in ICS—Lessons Learned from Traditional Networks. In: Rieger, C., Ray, I., Zhu, Q., Haney, M. (eds) Industrial Control Systems Security and Resiliency. Advances in Information Security, vol 75. Springer, Cham. https://doi.org/10.1007/978-3-030-18214-4_7
DOI: https://doi.org/10.1007/978-3-030-18214-4_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18213-7
Online ISBN: 978-3-030-18214-4
eBook Packages: Computer Science, Computer Science (R0)