Author:
Kalinin Maxim, Zegzhda Dmitry, Zavadskii Evgenii
Abstract
Rapid progress in computing and info-communication technologies (ICT) has changed the ecosystem of power production and delivery. Today, an energy network is a complex set of interrelated devices and information systems covering all areas of electric power operations and applying ICT based on open standards, such as IEC 60870, IEC 61850, and IEC 61970. According to IEC 62351, energy networks face high cybersecurity risks caused by open communications, security requirements rarely considered in the energy facilities, partial and difficult upgrades, and incompatibility of security tools with industrial solutions. This situation results in new security challenges, e.g., denial of service attacks on the connected controllers, dispatching centers, process control systems, and terminals. IEC 62351 describes possible ways to achieve comprehensive security in energy networks. Most of them, used in traditional networks (e.g., firewalls, intrusion detection systems), can be adapted to energy networks. Honeypot systems as a protection measure help to mitigate attacks and maintain the necessary security in the networks. Due to the large scale of an energy network and the heterogeneity of its components, a new design, deployment, and management strategy for honeypot systems is required. The paper suggests a new method for organizing the virtual network infrastructure of a hybrid honeypot system and a dynamic management method that adapts the network topology to the attacker's actions according to the development graph of potential attacks. This technique allows us to dynamically build virtual networks of arbitrary scale. Because the virtual network is similar to the virtualized original and the level of interactivity of its nodes corresponds to that of real devices, this technique deploys an energy network that attackers cannot distinguish from the real one. A prototype of our honeypot system has been implemented, and experiments on it have demonstrated more efficient use of computing resources, faster reaction to the attacker's actions, and the deployment of virtual networks of different sizes within the given limits of the computing resources.
Funder
Ministry of Science and Higher Education of the Russian Federation
Subject
Energy (miscellaneous); Energy Engineering and Power Technology; Renewable Energy, Sustainability and the Environment; Electrical and Electronic Engineering; Control and Optimization; Engineering (miscellaneous); Building and Construction
Cited by
6 articles.