A Cyber-Twin Based Honeypot for Gathering Threat Intelligence
- URL: http://arxiv.org/abs/2509.09222v1
- Date: Thu, 11 Sep 2025 07:57:34 GMT
- Title: A Cyber-Twin Based Honeypot for Gathering Threat Intelligence
- Authors: Muhammad Azmi Umer, Zhan Xuna, Yan Lin Aung, Aditya P. Mathur, Jianying Zhou
- Abstract summary: We describe a honeypot based on a cyber twin for a water treatment plant. The honeypot is intended to serve as a realistic replica of a water treatment plant that attracts potential attackers. The attacks launched on the honeypot are recorded and analyzed for threat intelligence.
- Score: 3.5121508483333876
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Critical Infrastructure (CI) is prone to cyberattacks. Several techniques have been developed to protect CI against such attacks. In this work, we describe a honeypot based on a cyber twin for a water treatment plant. The honeypot is intended to serve as a realistic replica of a water treatment plant that attracts potential attackers. The attacks launched on the honeypot are recorded and analyzed for threat intelligence. The intelligence so obtained is shared with the management of water treatment plants, who in turn may use it to improve plant protection systems. The honeypot used here is operational and has been attacked on several occasions using, for example, a ransomware attack that is described in detail.
Related papers
- Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE [64.47951172662745]
Cuckoo Attack is a novel attack that achieves stealthy and persistent command execution by embedding malicious payloads into configuration files. We formalize our attack paradigm into two stages, including initial infection and persistence. We contribute seven actionable checkpoints for vendors to evaluate their product security.
arXiv Detail & Related papers (2025-09-19T04:10:52Z) - An Attack-Driven Incident Response and Defense System (ADIRDS) [6.086706416389243]
"ADIRDS" is an online monitoring system to run with the real system. By modeling the real system as a graph, critical nodes/assets of the system are closely monitored. We successfully apply this system to a real case.
arXiv Detail & Related papers (2025-02-04T11:12:05Z) - Cyber Deception Reactive: TCP Stealth Redirection to On-Demand Honeypots [0.0]
Cyber Deception (CYDEC) consists of deceiving the enemy who performs actions without realising that he/she is being deceived.
This article proposes designing, implementing, and evaluating a deception mechanism based on the stealthy redirection of TCP communications to an on-demand honey server.
arXiv Detail & Related papers (2024-02-14T14:15:21Z) - Optimally Blending Honeypots into Production Networks: Hardness and Algorithms [11.847370655794608]
Honeypot is an important cyber defense technique that can expose attackers' new attacks.
In this paper, we initiate a systematic study on characterizing the cybersecurity effectiveness of a new paradigm of deploying honeypots.
arXiv Detail & Related papers (2024-01-12T18:54:51Z) - TwinPot: Digital Twin-assisted Honeypot for Cyber-Secure Smart Seaports [13.49717874638757]
Digital Twin (DT) technology can be employed to increase the complexity and simulation fidelity of the honeypots.
We propose a DT-assisted honeypot, called TwinPot, for external attacks in smart seaports.
We show that our solution successfully detects internal and external attacks.
arXiv Detail & Related papers (2023-10-19T16:35:28Z) - The Best Defense is a Good Offense: Adversarial Augmentation against
Adversarial Attacks [91.56314751983133]
$A5$ is a framework to craft a defensive perturbation to guarantee that any attack towards the input in hand will fail.
We show effective on-the-fly defensive augmentation with a robustifier network that ignores the ground truth label.
We also show how to apply $A5$ to create certifiably robust physical objects.
arXiv Detail & Related papers (2023-05-23T16:07:58Z) - Look, Listen, and Attack: Backdoor Attacks Against Video Action
Recognition [53.720010650445516]
We show that poisoned-label image backdoor attacks could be extended temporally in two ways, statically and dynamically.
In addition, we explore natural video backdoors to highlight the seriousness of this vulnerability in the video domain.
And, for the first time, we study multi-modal (audiovisual) backdoor attacks against video action recognition models.
arXiv Detail & Related papers (2023-01-03T07:40:28Z) - Honeypot Implementation in a Cloud Environment [0.0]
This thesis presents a honeypot solution to investigate malicious activities in heiCLOUD.
To detect attackers in restricted network zones at Heidelberg University, a new concept to discover leaks in the firewall will be created.
A customized OpenSSH server that works as an intermediary instance will be presented.
arXiv Detail & Related papers (2023-01-02T15:02:54Z) - Backdoor Attack in the Physical World [49.64799477792172]
Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs).
Most existing backdoor attacks adopted the setting of static trigger, i.e., triggers across the training and testing images.
We demonstrate that this attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training.
arXiv Detail & Related papers (2021-04-06T08:37:33Z) - A Partial Break of the Honeypots Defense to Catch Adversarial Attacks [57.572998144258705]
We break the baseline version of this defense by reducing the detection true positive rate to 0% and the detection AUC to 0.02.
To aid further research, we release the complete 2.5 hour keystroke-by-keystroke screen recording of our attack process at https://nicholas.carlini.com/code/ccs_honeypot_break.
arXiv Detail & Related papers (2020-09-23T07:36:37Z) - Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching [56.280018325419896]
Data Poisoning attacks modify training data to maliciously control a model trained on such data.
We analyze a particularly malicious poisoning attack that is both "from scratch" and "clean label".
We show that it is the first poisoning method to cause targeted misclassification in modern deep networks trained from scratch on a full-sized, poisoned ImageNet dataset.
arXiv Detail & Related papers (2020-09-04T16:17:54Z) - Rethinking the Trigger of Backdoor Attack [83.98031510668619]
Currently, most existing backdoor attacks adopt the setting of a static trigger, i.e., triggers across the training and testing images follow the same appearance and are located in the same area.
We demonstrate that such an attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training.
arXiv Detail & Related papers (2020-04-09T17:19:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.