GGrantIndex
← Search

SaTC: CORE: Small: Towards Deceptive and Domain-Specific Cyber-Physical Honeypots

$600,000FY2023CSENSF

Georgia Tech Research Corporation, Atlanta GA

Investigators

Abstract

Cyber-physical critical infrastructures provide management and control capabilities for mission-critical utilities such as power grids. Programmable logic controllers (PLCs) play a key role as they serve as a convenient bridge between the cyber and the physical worlds. PLCs’ critical roles have made them the target of sophisticated cyberattacks that are designed to disrupt their operation, which creates both social unrest and financial losses. In this context, cyber honeypots have been shown to be highly valuable tools for collecting data to better understand the many different strategies and objectives of the attackers. The project’s novelty is to develop a new domain-specific stealthy honeypot for cyber-physical critical infrastructures and specifically PLC controllers. The solutions allow for active data collection using autonomous interactions with attacker’s software to activate its malicious capabilities. The project's broader significance and importance are to provide guidelines for researchers and practitioners looking to incorporate honeypots and security methods into cyber-physical systems (CPS) and embedded controllers. For complete stealth, the solutions leverage air-gapped observations of the malware behavior through physical side channels such as PLC processor power signal produced by the on-device malicious code execution. For deception, the techniques leverage mathematical models and physics-informed neural networks to provide a realistic emulation of the physical dynamics and a misleading physical process interface to the PLC input-output ports. The research outcomes address the above-mentioned semantic gap via an automated binary reverse engineering of the malicious controller code to extract the high-level adversarial objectives from low-level controller software execution traces. This enables the classification of adversaries dynamically using online data-driven meta-learning algorithms. This work transforms how people approach the problem of threat intelligence and modeling in CPS, in that the holistic view cognizant of both cyber and physical factors becomes widespread. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →