Shodan indicators used to detect standard conpot implementations and their improvement through sophisticated customization
Document Type
Conference Proceeding
Publication Title
2022 IEEE Conference on Dependable and Secure Computing
Publisher
IEEE
School
School of Science
RAS ID
47160
Funders
Cyber Security Research Centre / Australian Government's Cooperative Research Centres
Abstract
Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.
DOI
10.1109/DSC54232.2022.9888911
Access Rights
subscription content
Comments
Cabral, W. Z., Sikos, L. F., & Valli, C. (2022). Shodan indicators used to detect standard conpot implementations and their improvement through sophisticated customization. In 2022 IEEE Conference on Dependable and Secure Computing (DSC) (pp. 1-7). IEEE. https://doi.org/10.1109/DSC54232.2022.9888911