Research Summaries

Identifying Anomalous Network Flow Activity Using Cloud Honeypots

Fiscal Year 2020
Division Research & Sponsored Programs
Department NPS Naval Research Program
Investigator(s) Rowe, Neil C.
Sponsor NPS Naval Research Program (Navy)
Summary Honeypots are decoy digital systems designed solely to collect data on malicious network traffic, with no other assigned purpose. Honeypots have been valuable tools for discovering new cyberattacks, providing a head start in designing defenses. It has been difficult to develop honeypots for industrial-control systems (ICSs), since they require simulation of specialized kinds of processes as well as commonly used network protocols. Furthermore, different ICS systems must be coordinated to be convincing. One promising approach is to put ICS honeypots on cloud services, where their simulations of industrial processes can be managed centrally to present a realistic view of an operational environment. At the same time, cloud installations could potentially provide much larger numbers of honeypots, which is useful for detecting rare and random cyberattacks; these tend to include a high proportion of innovative offensive techniques that are useful to detect. This work will improve on previous student work that used unconvincing simulations of ICSs in a honeypot by designing more realistic simulated processes. It will also look at what is necessary to implement convincing honeypots in the cloud, as well as "fake honeypots", decoy sites that have characteristics of honeypots but are not honeypots, to increase the effectiveness of the true honeypots. We will implement such sites, monitor network traffic, analyze the data, and report on what we find.
Keywords
Publications Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal