Detection of critical infrastructure devices on the public Internet

Abstract

Supervisory Control and Data Acquisition (SCADA) systems are sometimes exposed on the public Internet. It is possible to quickly and efficiently identify such exposed services. Because these systems are commonly part of critical infrastructure, they need to be protected against cyber attacks. In the past, researchers have scanned the Internet to detect such systems. However, such data may be biased by honeypots: fake hosts, set up by other researchers, that mimic real industrial systems in order to detect malicious attacks.
In this paper, we develop a methodology to discover SCADA systems, classify them as real or honeypots, and analyse the metadata collected from them. We show that a large part of all exposed SCADA services are in fact likely to be honeypots, and we find correlations between independent honeypot-related indicators.