SCADA honeypots: An in-depth analysis of Conpot

  title={SCADA honeypots: An in-depth analysis of Conpot},
  author={Arthur Jicha and Mark W. Patton and Hsinchun Chen},
  journal={2016 IEEE Conference on Intelligence and Security Informatics (ISI)},
Supervisory Control and Data Acquisition (SCADA) honeypots are key tools not only for determining threats which pertain to SCADA devices in the wild, but also for early detection of potential malicious tampering within a SCADA device network. An analysis of one such SCADA honeypot, Conpot, is conducted to determine its viability as an effective SCADA emulating device. A long-term analysis is conducted and a simple scoring mechanism leveraged to evaluate the Conpot honeypot. 
Analysis of attack and attackers on VoIP Honeypot environment
  • H. H. Kilinc, Omer Acar
  • Computer Science
    2018 26th Signal Processing and Communications Applications Conference (SIU)
  • 2018
A low interaction honeypot environment was implemented to identify the behaviors of the attackers and the services most frequently used and provides an in-depth analysis about both attacks and attackers profile, their tactics and purposes.
Analysis of Conpot and Its BACnet Features for Cyber-Deception
This chapter analyzes the templates of the Conpot honeypot with special emphasis on the default template.xml file and the bacnet.xml protocol file and their potential to be used deceptively.
Honeypot Utilization for Network Intrusion Detection
This study used a honeypot called Kippo to identify attack behavior in Finland and analyzed attacker behavior to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used.
A Survey of Game-Theoretic Approaches to Modeling Honeypots
Honeypots are fake information resources that authorized users never connect with and which are under permanent control of information security specialists. Honeypots are widely used traps for
Lightweight On-demand Honeypot Deployment for Cyber Deception
Honeypots that are capable of deceiving attackers are an effective tool because they not only help protect networks and devices, but also because they collect information that can lead to the
Creating Convincing Industrial-Control-System Honeypots
GridPot received a higher rate of traffic than Conpot, and many visitors to both were deceived as to whether they were dealing with a honeypot, which is good news for collecting useful attack intelligence with ICS honeypots.
NeuralPot: An Industrial Honeypot Implementation Based On Deep Neural Networks
In this paper a new method of adapting a honeypot system in a modern industrial network, employing the Modbus protocol, is introduced, and two distinct deep neural network implementations are utilized to adapt to network Modbus entities and clone them, actively confusing the intruders.
Review on Efficient Log Analysis to Evaluate Multiple Honeypots using ELK
In this survey I’m going to examine the efficiency of IDS/IPS and other honeypots with ELK to help me analyze the collected logs.
SCADA security using SSH honeypot
This article uses a SSH honeypot tool called Kippo to log brute force attacks and shell interaction performed by attackers in order to take attention away in the production server.
A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network
Honeypot imitates the contact between emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks, which can later be used to prevent future attacks.


SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats
Since the Stuxnet worm was discovered by a Belarusian security company, there has been a growing awareness of and a renewed interest in control system security. There is concern from some security
ICS Threat Analysis Using a Large-Scale Honeynet
A large-scale, low-interaction honeypot system is deployed and the interaction results for a variety of industrial and non-industrial protocols are described, and the influence of industrial devices being listed on a device-oriented public search engine such as SHODAN is analysed.
Evaluating Low Interaction Honeypots and On their Use against Advanced Persistent Threats
Evaluating several Low Interaction Honeypots according to several usability and performance criteria and arguing on the utilization of LIHs that could indicate early signs of jeopardy from Advanced Persistent Threats (APT).
CryPLH: Protecting Smart Energy Systems from Targeted Attacks with a PLC Honeypot
This paper designs and implements the Crysys PLC honeypot (CryPLH) system to detect targeted attacks against industrial control systems and improves upon existing solutions in several aspects: most importantly in level of interaction and ease of configuration.
Botnet Detection: Honeypots and the Internet of Things (Unpublished doctoral dissertation). University of Arizona
  • 2015
Designing and Implementing a Honeypot for a SCADA Network
  • SANS Institute InfoSec Reading Room,
  • 2014
Design and implementation of critical infrastructure protection system
  • Budapest University of Technology and Economics, Department of Networked Systems and Services, 2013.
  • 2013
The SCADA That Didn't Cry Wolf
  • Blackhat 2013,
  • 2013
SCADA Honeynets: The attractivenss of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats (Doctoral dissertation, Iowa State University) (pp. 1-67)
  • 2011