Using Honeypots for ICS Threats Evaluation

  • Nitul DuttaEmail author
  • Nilesh Jadav
  • Nirali Dutiya
  • Dhara Joshi
Part of the Studies in Systems, Decision and Control book series (SSDC, volume 255)


Industrial Control System (ICS) is an integration of hardware and software with a sophisticated network connection that supports instrumentation in industry. These systems are weak and prone to be exploited easily by an attacker due to its simple architecture which uses low processing power and memory. In recent years, the cyber-attack on ICS goes very vigorously and lures high amount of damage in terms of cost and time, it is difficult to prevent ICS from different malicious activity as the components of ICS will not be able to take any updates or patches due to its simple architecture. Certainly, we can prevent those attacks by detecting any defamatory activity by the intruder using some defense techniques such as Intrusion Detection System (IDS). Honeypots are useful in such scenarios, they are the subtle traps that are configured to detect any unauthorized access to a legitimate system, with an intention to know and learn the behavior of a hacker or its activity to mitigate the risk of any loss. Traditionally, we have network bases defense detection techniques such as IDS, Intrusion Prevention System (IPS), firewall and some encryption techniques, however, these systems are not that intelligent as honeypots are Honeypot poses the power of capturing the data, aptness to log, create an alert and detect everything the intruder is doing in the system. Researchers are finding new ways to trap those attackers using honeypots in order to secure ICS, not only defended ICS but, also it disturbs the attacker, using their “Camouflage Net”, which is a reconfigurable honeypot. There is a need for a preventive measure which provides early detection and alert mechanism for ICS, provides a multi-stage attack detection using honeypot which generates signatures to unveil any invader in the ICS. Uses the improved configurable honeypot based on SNAP7 and IMUNES, these honeypots are configured and deployed rapidly in the ICS system. Supervisory Control and Data Acquisition systems (SCADA) is another type of ICS system, SCADA honeypots such as conpots not only detect the outside attack but it also detects any malign tampering within its network. With this intention to secure ICS, this chapter focuses on threat detection using reliable and confined honeypots to evaluate and analyze the dilemma of ICS security. A comparison among different preventive measures of low interaction and high interaction honeypots and certain tools and methodologies which helps in intercepting any tampering activity will be the foremost focus of this chapter.


ICS Honeypots SCADA Conpot PLC 


  1. 1.
    Sadasivam, G., Hota, C.: Scalable honeypot architecture for identifying malicious network activities. In: International Conference on Emerging Information Technology and Engineering Solutions, Pune, India, pp. 27–31, 20–21 Feb (2015)Google Scholar
  2. 2.
    Dongxia, L., Yongbo, Z.: An intrusion detection system based on honeypot technology. In: International Conference on Computer Science and Electronics Engineering, Hangzhou, China, pp. 451–454, 23–25 March (2012)Google Scholar
  3. 3.
    Mahajan, V., Peddoju, S.: Integration of network intrusion detection systems and honeypot networks for cloud security. In: International Conference on Computing, Communication and Automation (ICCCA), Greater Noida, India, pp. 829–834, 5–6 May (2017)Google Scholar
  4. 4.
    Smith Sidney, C.A.: Survey of research in supervisory control and data acquisition (SCADA). No. ARL - TR - 7093. In: Army Research Lab Aberdeen Proving Ground Md Computational and Information Sciences Directorate (2014)Google Scholar
  5. 5.
    Hackworth, J., Hackworth, F.: Programmable Logic Controllers: Programming Methods and Applications. Pearson, New Jersey (2004)Google Scholar
  6. 6.
    Bolton, W.: Programmable Logic Controllers. Elsevier, Amsterdam (2003)Google Scholar
  7. 7.
    Ahmed, M., Soo, W.: Supervisory control and data acquisition system (SCADA) based customized Remote Terminal Unit (RTU) for distribution automation system. In: IEEE 2nd International Power and Energy Conference, Johor Bahru, Malaysia, pp. 1655–1660, 1–3 Dec (2008)Google Scholar
  8. 8.
    Rosa, L., Cruz, T., Simoes, P., Monteiro, E., Lev, L.: Attacking SCADA systems: a practical perspective. In: Proceedings IFIP/IEEE International Symposium on Integrated Networks Manage, pp. 741–746 (2017)Google Scholar
  9. 9.
    Zhang, Y., Di, C., Han, Z., Li, Y., Li, S.: An adaptive honeypot deployment algorithm based on learning automata. In: IEEE Second International Conference on Data Science in Cyberspace (DSC), Shenzhen, China, pp. 521–527, 26–29 June (2017)Google Scholar
  10. 10.
    Patrick, D., Fardo, S.: Industrial Process Control Systems. Delmar Publication, Albany, N.Y (1997)Google Scholar
  11. 11.
    Vlad, A., Obermeier, S., Yu, D.: ICS threat analysis using a large-scale honeynet. In: 3rd International Symposium for ICS & SCADA Cyber Security Research 2015, Ingolstadt, Germany, pp. 20–30, 17–18 Sept (2015)Google Scholar
  12. 12.
    Kuman, S., Gros, S., Mikuc, M.: An experiment in using IMUNES and Conpot to emulate honeypot control networks. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, pp. 1262–1268, 22–26 May (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Nitul Dutta
    • 1
    Email author
  • Nilesh Jadav
    • 1
  • Nirali Dutiya
    • 1
  • Dhara Joshi
    • 1
  1. 1.Department of Computer Engineering, Faculty of PG StudiesMEF Group of Institutions (MEFGI)RajkotIndia

Personalised recommendations