蜜罐
互联网
协议(科学)
计算机科学
计算机安全
工业控制系统
控制(管理)
计算机网络
万维网
人工智能
医学
病理
替代医学
作者
Jacob Williams,Matthew Edwards,Joseph Gardiner
标识
DOI:10.48550/arxiv.2410.17731
摘要
The convergence of information and operational technology networks has created previously unforeseen security issues. To address these issues, both researchers and practitioners have integrated threat intelligence methods into the security operations of converged networks, with some of the most valuable tools being honeypots that imitate industrial control systems (ICS). However, the development and deployment of such honeypots is a process rich with pitfalls, which can lead to undiagnosed weaknesses in the threat intelligence being gathered. This paper presents a side-channel method of covertly identifying ICS honeypots using the time-to-live (TTL) values of target devices. We show that many ICS honeypots can be readily identified, via minimal interactions, using only basic networking tools. In a study of over 8,000 devices presenting as ICS systems, we detail how our method compares to an existing honeypot detection approach, and outline what our methodology reveals about the current population of live ICS honeypots. In demonstrating our method, this study aims to raise awareness of the viability of the TTL heuristic and the prevalence of its misconfiguration despite its presence in literature.
科研通智能强力驱动
Strongly Powered by AbleSci AI