Full Paper

CYBER-PHYSICAL SYSTEM SECURITY
USING DECOY SYSTEM
R.J.BAIJUSHA,
, Department of Computer Science St.
Joseph College of Enineering, Sriperumbudur,
India
Mr.R.GANESHAN,
Assistant Professor,
Department of CSE,
St. Joseph College of Enineering,
Sriperumbudur, India
Abstract— Design and implement a self-configuring honey
pots that inactively examine organize system network
interchange and actively acclimatize to the experiential
surroundings. Propose a Ettercap scheme, an established
network security tool , for execution.Use Ettercap XML
output, a novel four-step algorithm be urbanized for
independent formation and renew of a Honeyd
arrangement.The algorithm is tested on an obtainable
small campus network and feeler network by
implementation of a joint custom state. Automatically
created virtual hosts were deployed in performance
through an anomaly behavior (AB) system in an assault
state of dealings.
Keywords— control system network traffic, intrusion
detection, network security.
I. INTRODUCTION
Many modern composite organize systems are
interrelated via Ethernet networks. These networks, create
deploy in areas such as chemical services or energy
fabrication, are utilized to send position and organize
information critical to the process of physical systems. A
compromised control system could have security, public
safety, industrial or economical consequences. The need for
resilient adaptive security systems, specifically developed for
critical cyber-physical systems, is increasing with the elevated
levels of cyber security threats in the modern world.
Furthermore, with the advent of the smart grid, the number of
configurable devices to be deployed is relatively high. For
example, in a typical advanced metering infrastructure system,
1500 wireless sensors statement to single or multiple wireless
access points nodes. As of April 2010, almost 69 million of
these meters were designed for deployment in the United state.
Assume a uniform deployment of sensors, this plan calls for
46 000 WAPs. So, in addition to protecting existing networks,
a large-scale deployment of new devices will soon be
prevalent.
Network security monitoring systems are
a
significant part of a solution to protecting control systems. In
most contexts,they are rarely capable of providing perfect
intrusion detection. Deceptive systems, called honeypots, that
emulate critical network entities have been deployed in
tandem with monitoring solutions to improve detection
accuracy and precision rates . It is difficult to list the definitive
attributes of a network host necessary to attract an attacker’s
attention. This requires analysis of attackers’ motivations,
which may vary in depth and details depending on the
situation. However, a reasonable assumption can be made that
if any of the real devices on the network are a attractive target,
than emulation of those systems would be a creative train.
Given this basis and the problem of a large
device
deployment, a applicable fear is sinking the human effort
involved while providing an improved security posture.
In addition to a honeypots faithful reconstruction of a
host’s network incidence computerization is a key ability.
According to John Ousterhout, there are four common steps
for turning deployments from an enemy into a friend . First,
and most important, is automation. This is essentially a
question of economy. It is usually cheaper to build better tools
than manually manage the configurations of individual devices
in a large system. In this paper, the mutual use of energetic
virtual honeypots in a manage system network is begin.
Aspects of effective tools for identifying network host
characteristics are examine. The presented algorithm focus on
repeatedly organization the difficulty of self-configurable
dynamic virtual hosts (DVH) by get used to to an operational
network environment.
A self-updating model, based on passive monitoring
of the network devices, is formed and maintain. This model is
use to arrange misleading network entities intended to draw
the focus of malicious target. Finally, a usage situation is
examine to show how imitate a real network is useful when
joint with an anomaly detection routine.
The objective function is to create a Dynamic virtual
honeypots which are well-organized tools for monitor and
attract network interloper activity.Compared to the proposed
scheme, the existing scheme has a self- configuring honey
pots that inactively observe organize system network
interchange and dynamically adjust to the environment.
The scope of the project is to protect the data from
the unauthorized person .Create a Dynamic virtual honeypots
which are effective tools for observe and attracting network
intruder activity.
With the beginning of the smart grid, the number of
configurable devices to be deployed is reasonably high. The
existing scheme is severely affected by malicious nodes that
affects network systems. The cyber devices is not coupled
with the physical process they organize and human induce
failure hazard in the real-world consequences. Network
intruder activity does not have a significant effect on the
139
All Rights Reserved © 2015 IJARTET
network systems. Modification of packets may have a
significant impact on the network map. A novel four-step
algorithm was used in the existing system to create dynamic
virtual host.
II. RELATED WORK
O. Linda, T. Vollmer, and M. Manic, The
resiliency and security in organize systems such as SCADA
and Nuclear plant’s in today’s world of attackers and malware
are a connected concern.Computer systems used within
dangerous infrastructures to organize physical function are not
protected to the threat of cyber attack and may be potentially
susceptible. Tailoring an imposition discovery system to the
particulars of critical infrastructures can significantly recover
the security of such systems.The Intrusion exposure System
using Neural Network based model, is accessible in this paper.
The main donations of this work are: 1.the use and analysis of
actual network information (data recorded from an existing
serious infrastructure; 2.the expansion of a exact window
based attribute removal method; 3.the building of preparation
dataset using arbitrarily generated intrusion vectors; 4.the use
of a grouping of two neural network learning algorithms – the
Error-Back broadcast and Levenberg- Marquardt, for normal
performance model.
Wheeler,Todd Vollmer, to Produce technologies
capable of defensive the country’s power
sector
communications from cyber attack.Preserve critical energy
sector infrastructure. Used Mesh Mapper (MM) Tool,
Intelligent Cyber Sensor (ICS) Tool.Each is designed to
function efficiently on its possess, or they can be included in a
diversity of modified configurations based on the end user’s
hazard contour and security requests.
M. A. McQueen and W. F. Boyer, Control system
cyber security protection mechanism may employ dishonesty
in human organization connections to make it more hard for
intruders to plan and implement winning attacks. .In Proposed
System, These misleading protection mechanisms are
organized and originally explored according to a exact
dishonesty classification and the seven abstract scope of
security before proposed as a structure for the cyber security
of control systems.
Y. Huang et al, It describe an approach for rising threat
models for attacks on control systems. In Existing System,
Using increasing threat models for attacks on control systems.
These models are useful for analyze the actions taken by an
intruder who gain access to control system possessions and for
evaluate the effects of the intruder actions on the physical
process being prohibited In Proposed System , The paper
propose models for reliability attacks and denial-of-service
attacks, and evaluate the physical and economic significance
of the attacks on a chemical reactor system.
R.Sommer and V. Paxson, In network imposition detection
explore, one popular strategy for decision attacks is monitor a
network’s movement for Anomalies. In Existing System,
Determine differences between the network trouble detection
difficulty and other areas where machine knowledge
frequently finds much more accomplishment.In Proposed
System, Our main declare is that the task of decision attacks is
basically different from these other application, creation it
considerably harder for the intrusion detection society to
employ machine learning successfully.
C. Rieger, D. Gertman, and M. McQueen, Since digital
organize systems were introduce to the advertise more than
30 years ago, the operational competence and constancy gain
through their use have fueled our relocation and eventual
confidence on them for the monitoring and organize of
critical communications. In Existing System, Digital control
systems were introduced to the advertise more than 30 years
ago.While these systems have been planned for functionality
and reliability, a hostile cyber environment and reservations in
multifaceted networks and human connections have placed
added parameters on the design opportunity for control
systems.
III. PROPOSED ALGORITHM
A . Apriori algorithm
Apriori is proceeds by finding the repeated inseparable items
in the record and extend them to superior and larger item set
as extended as those item sets appear adequately frequently in
the record. The constant thing sets resolute by Apriori can be
used to decide association rules which denotes database
management system: this has applications such as transaction
method. Apriori is designed to databases containing database
management system.
procedure Apriori Algorithm()
begin
m 1 = {frequent 1-item sets};
for (n = 2; m= k-1 0; n++ ) do {
An= Apriori-gen(m= n-1) ;
for all transactions T in the data set do {
for all candidates a an contained in t do
c:count++
}
M n = { A an | a:count >= min-support}
}
Answer := n mn
End
B.Honeypot
In computer terminology, a Honeypot is a trap set to
find, bounce, or, in some manner, defect attempts at
unauthorized use of systems. Generally, a Honeypot consists
of a system, data, or a network location that appear to be
fraction of a network, but is actually remote and scan, and
which seems to hold in order or a reserve of rate to intruders.
This is like to the police trap a criminal and then organize
undercover inspection. Honeypots can be confidential based
on their use and based on their level of participation.
Honeypots may be classified as,
Research Honeypots
Production Honeypots are easy to use, represent only
finite data, and are used primarily by institution or company.
Production Honeypots are placed inside the construction
network with other manufacture servers by an association to
advance their overall position of protection. Normally,
fabrication Honeypots are low-communication Honeypots,
140
All Rights Reserved © 2015 IJARTET
which are easier to found. They give some information about
the intruder or attackers than investigate Honeypots do.
Research Honeypots
investigate Honeypots are run to collect information
about the motive and strategy of the Blackhat society target
unusual networks. These Honeypots do not add
d express value
to a exact company; instead, they are used to research the
terrorization that company face and to learn how to better
defend beside those threats. Research Honeypots are complex
to deploy and protect, represent general data, and are used
fundamentally
by
inspect,
army,
or
government
organization.Based on design criterion, Honeypots can be
organize as,
1.
pure Honeypots
2.
high-interaction Honeypots
3.
low-interaction Honeypots
Bind 192.168.1.123 vn1
Malware Honeypots
Malware Honeypots are used to detect malware, by
utilizing the known imitation and assault vectors
of
malware.Iimitation vectors such as USB flash drives can
easily be verified for evidence of alterations, either during
manual means or utilize special reason Honeypots to
reproduce drives. Malware growingly is used to investigate
for, and take cryptocurrencies, which provides
an
opportunities for services such as Bitcoin Vigil to create and
monitor Honeypots by using little amount of money to provide
early caution alerts of malware infection.
IV.SYSTEM DESIGN
Design is multi-step procedure that focus on data
structure software construction, technical details, (algorithms
etc.) and association involving modules. The design procedure
also translate the rations into the execution of software that
can be access for excellence previous to coding strats.
Pure Honeypots
Pure Honeypots
are full-fledged construction
systems. The activities of the intruder are track by using a
relaxed valve that has been install on the honeypot's link to the
network. Even though a unadulterated honey
ypot is useful,
stealthiness of the protection mechanisms can be ensure by a
more restricted method.
High-interaction Honeypots
High-dealings Honeypots duplicate the activities of
the construction systems that host a multiplicity of services
and, therefore, an intruder may be allowed a grouping of
services to misuse his time. By enroll virtual machines,
multiple Honeypots can be provide on a single
somatic
machine. Therefore, even if the Honeypot is make a deal, it
can be replace more fast. In general, high-interface Honeypots
supply more defense by being troublesome to notice, but they
are highly exorbitant to maintain. If virtual machines are not
available, one Honeypot must be maintained for each physical
computer, which can be prohibitive expensive.
Low-interaction Honeypots
Low-interaction Honeypots simulate only
the
services frequently requested by intruder. Since they take
comparatively few resort, multiple virtual machines can easily
be provided on one physical system, the virtual systems have a
short reaction time, and less code is required, reducing the
problem of the virtual system's security.
Create vn1
Set vn1 personality “Linux2.4.xx”
Set vn1 default tep action reset
Set vn1 default udp action reset
Set vn1 default icmp action reset
Add vn1 tep port 23’/script/router-telnet.pl’
Set vn1 ethernet “00:00:AB:C1:00:23”
Fig 1. Architecture Diagram
Computer software design change always as new
method; better investigation and broader understanding
evolve. Software Design is at relatively early stage in its
revolution.
Therefore, Software Design methodology lacks the
depthsuppleness and qualitative scenery that are usually
related with more usual engineering discipline. However
techniques for software designs do live, criterion for design
character are accessible and design register can be useful.
Then describe the software tool estimate and
completion logic of the explanation. The Client Honeypot
Generates a request to the Benign Server Which maintains the
overall history of the User. Then the user get the response
141
All Rights Reserved © 2015 IJARTET
from the server and the overall history will be viewed to the
client. Then from the malicious server, the server sends a
original web history of the client, in which the users hides the
Details of the history to the overall server. The cyber Crime
identifies the difference Between the web History and the
Hided data will be captured.
The Client Honeypot Generates a request to the
Benign Server Which maintains the overall history of the
User. Then the user get the response from the server and
theoverall history will be viewed to the client. Then from the
malicious server, the server sends a original web history of the
client, in which the users hides the Details of the history to
theoverall server. The cyber Crime identifies the difference
Between the web History and the Hided data will be captured.
Implementation is the stage of the project when the theoretical
design is turned out into a working system.
A.User Web History
To checks the users history of browser and the users
history whether the system has already used all the history of
the module are taken and it will be stored in the system and
they are used system in this condition the evidence are easily
created and all are stored in the database. This module
checks User Web History View is a usefulness that converts
the history data of 4 different Web browsers Internet Explorer,
Mozilla Firefox, Google Chrome, and Safari and present the
browsing the past of all these Web browsers history of the
module taken and it will be stored in the system and they are
used system in this condition the evidence are easily created
and all are stored in the database.
B. Systematic Evidence
Checks what all are the system used and the history are
stored in the system and the system history what all are they
used in the system and the overall evidence has been created
for the system and the system has system have been stored in
more secured in the form of the database. This module
checks User System History View is a utility that reads the
history data of what all are the system used and lists all folders
that the user has visited in the past. System history is
composed when change are made to certain system plans and
settings, what are the applications used. This system history
data is compare occasionally to the earlier system settings,
and if there are any modify, those modify are stored in the
system and they are used system in this condition the evidence
has been created for the system and the system has system
have been stored in more secured in the form of thedatabase.
or a network site that appears to be part of a network, but is
actually remote and verified, and which seems to contain
information or a resource of worth to attackers. This is similar
to the police baiting a criminal and then conducting
undercover surveillance. From the intruder it will collect the
information for the purpose of the evidence and the system of
intruder will find and block the enter into the system .
D. Certification of supervision
Admin check whether the evidence which was provided
by the user are trust and they can produce the evidence to the
court according to the user request and if any problem it can
play an important roll. Admin check whether the evidence
which was provided by the user are trust and they can produce
the evidence to the court according to the user request and if
any problem it can play an important role. Effective
supervision is key to the success of organization. This module
will store the information of the intruder into the database and
the information will useful to block the intruder and stop the
intruder into the system against it will get the information of
the intruder.
E. Intruder Information
Store the information of the intruder into the database
and the information will useful to block the intruder and stop
the intruder into the system against it will get the information
of the intruder. Store the information of the intruder into the
database and the information will useful to block the intruder
and stop the intruder into the system against it will get the
information of the intruder.
F. Attackers Exception
Delay the intruder enter into the system in the form
of the honey pot technology it will act proxy as a system and
attract the system information into the proxy and get all the
information it will make it delay to connect.It will delay the
intruder enter into the system in the form of the Honeypot
technology and a Honeypot is a trap set to notice, redirect, or,
in some way, counteract attempts at unauthorized use
of information systems. it will act proxy as a system and
attract the system information into the proxy and get all the
information such as browsing history and the of all these Web
browsers history and System history
C. Honey Pot Security
It makes intruder attract in the honey pot. From the
intruder it will collect the information for the purpose of the
evidence and the system of intruder will find and block the
enter into the system and make the system more secure then
the evidence of the system would be true. It makes intruder
attract in the Honeypot.
In computer terminology,
a Honeypot is a trap set to find, divert, or, in some manner,
counteract attempts at unauthorized use of information
systems. Generally, a Honeypot includes of a computer, data,
Fig 1.Select web history
142
All Rights Reserved © 2015 IJARTET
Test Network
The network includes a flat of wireless sensors select
at environmental state in the building, wind and solar
renewable resort, and a diversity of organize system devices.
The SCG is attach to a little storm turbine, a solar power
position, and a wireless AMI. in addition, the network has
several Windows based computers, web camera’s, a Rockwell
mechanization PLC, and a National Instruments PLC.
VI. DISCUSSIONS
The main objective of the project is to create a Dynamic
virtual honeypots which are effective tools for perceive and
entice network attacker activity.Compared to the proposed
scheme, the existing scheme has a self- configuring honey
pots that passively examine control system network traffic and
actively adapt to the environment.
The proposed method self-configuring honeypots that
inertly inspect control system network transfer .In the
proposed system the practical hosts were deploy in
performance with an anomaly behavior (AB) system in an
assault . Virtual hosts were mechanically configured with
single emulate network stack for the targeted devices. With
the use of Ettercap, a novel four-step algorithm was residential
for autonomous formation and Honey pot configuration. In the
Proposed system we use Apriori algorithm to virtual host.
Fig 2. View web history
VII.CONCLUSION
The automatically deployed honey pots was to attract and
possibly delay an intruder on the network.The primary
enabling technologies included continual host monitoring,
reconfigurable deceptive virtual hosts, and a network AB
monitor.
Fig 3.Select windows history
V.RESULTS
In the following test scenario, scans and probes are
directed at all devices on the network representing the
observation phase of an interruption. This assumes that
the intruderr is an outsider and does not have a
network map. The goal of the security system is to
produce informational alerts about the abnormal
presence. To improve the cyber security of network
systems. An anomaly detection system is instruct on a
set of normal network conduct. The extricafe behavior
model is then used to notice anomalous behavior in any
eventually observed traffic.
Fig 4.View windows history
143
All Rights Reserved © 2015 IJARTET
REFERENCES
[1] D. A. Shea, “Critical in frastructure: Control
systems and the terrorist threat,”Libr. Congr., Rep.
Congr. RL31534,
Jan. 2004.
[2] Y. Huangetal., “Understanding the physical and
economic consequences of attacks on control
systems,” Int. J. Crit. Infrastruct. Prot., vol. 2, no. 3,
pp. 73–83, Oct. 2009.
[3] C.Rieger, D.Gertman, and M.McQueen,
“Resilient control systems: Next generation design
research,” in Proc. 2nd IEEE Conf. Human
Syst.Interact., Catania, Italy, May 2009, pp. 632–636.
[4] G. Rueff, B. Wheeler, T. Vollmer, and T.
McJunkin, “INL control system situational awareness
technology final report,” INL, Idaho Falls, ID, USA,
Rep. EXT-11-23408, Jan. 2013.
[5] J.Hieb and H.Graham, “Anomaly-based
intrusiondetection for networkmonitoring using a
dynamic honeypot,” Intell. Syst. Res. Lab.,
Univ.Louisville, Louisville, KY, TR-ISRL- 04–03,
Dec. 2004.
144
All Rights Reserved © 2015 IJARTET