Analysis of Conpot and Its BACnet features for cyber-deception

Author Identifier (ORCID)

Leslie Sikos

ORCID: 0000-0003-3368-2215

Abstract

There is an increasing awareness of the cybersecurity issues around SCADA/ICS systems that are the cyber-physical connectors of our industrialized world to the Internet. Alerton’s BACtalk VAV-DD controller is an example of a multipurpose SCADA device that provides autonomous pressure control for any dual-duct VAV container using the BACnet protocol. The majority of devices functioning on the BACnet protocol are legacy deployments, which are difficult to secure. Therefore, SCADA honeypots such as Conpot are significant tools not only for regulating threats affecting SCADA devices such as the VAV-DD controller but also for the early detection of probable malicious tampering within a SCADA environment. This chapter analyzes the templates of the Conpot honeypot with special emphasis on the default template.xml file and the bacnet.xml protocol file and their potential to be used deceptively.

Document Type

Conference Proceeding

Date of Publication

2021

Publication Title

Advances in Security, Networks, and Internet of Things

Publisher

Springer International Publishing

School

School of Science / ECU Security Research Institute

Funders

Cyber Security Research Centre

Australian Government's Cooperative Research Centres program

Comments

Cabral, W. Z., Valli, C., Sikos, L. F., Wakeling, S. G. (2021). Analysis of Conpot and its BACnet features for cyber-deception. In Advances in Security, Networks, and Internet of Things (329-339). Springer, Cham. https://doi.org/10.1007/978-3-030-71017-0_23

Copyright

subscription content

Link to publisher version (DOI)

10.1007/978-3-030-71017-0_23