On Design and Enhancement of Smart Grid Honeypot System for Practical Collection of Threat Intelligence


Daisuke Mashima, Derek Kok, and Wei Lin, Illinois at Singapore; Muhammad Hazwan and Alvin Cheng, Custodio Technologies

Long Preliminary Work Paper


The smart grid system is exposed to cyberattacks, as demonstrated by the number of real-world incidents in the last few years. The attack strategies keep evolving, and security mechanisms must identify novel attack vectors ideally before they actually hit the system. In this direction, honeypot systems for smart grid infrastructure are considered effective. While use of honeypot systems for general IT security has a history already, implementations for smart grid systems, and industrial control systems in general, are not mature yet. In this paper, we summarize our efforts for designing, implementing, and evaluating our smart grid honeypot system. We started with a prototype implementation of the virtual smart grid infrastructure using open-source tools, evaluate the realism of it from an attacker's perspective through collaboration with cybersecurity experts. We then refined the honeypot system to offer better realism as well as logging features for capture attackers' behaviours.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {256926,
author = {Daisuke Mashima and Derek Kok and Wei Lin and Muhammad Hazwan and Alvin Cheng},
title = {On Design and Enhancement of Smart Grid Honeypot System for Practical Collection of Threat Intelligence},
booktitle = {13th USENIX Workshop on Cyber Security Experimentation and Test (CSET 20)},
year = {2020},
url = {https://www.usenix.org/conference/cset20/presentation/mashima},
publisher = {USENIX Association},
month = aug

Presentation Video