Concepedia

Publication | Open Access

ICS Honeypot System (CamouflageNet) Based on Attacker's Human Factors

Citations: 19

References: 0

Year: 2015

Abstract

There are many discussions about protecting ICS (Industrial Control Systems) from the viewpoint of cyber defenders. ICS, however, presents specific difficulties in installing IT security measures such as antivirus with firewall software, because of its non-stop operation, 24 hours a day, 365 days a year, under a safety-first culture. Compared with IT systems, ICS has a certain advantage in handling cyber-attacks: the operations staff and safety devices installed in a plant. It is indispensable to fully utilize this advantage and, at the same time, to create mental and time leeway for staff to start their situated actions based on safety training. In order to prepare maximum leeway and to prevent effective and concentrated cyber-attacks, the human factors of attackers should be analyzed based on their attack scenarios, each of which has three stages: “Information Gathering Time”, “Free Attacking Time”, and “Cover Up Time”. In this scenario, the attacker usually strives to shorten “Information Gathering Time” and “Cover Up Time” so as to extend “Free Attacking Time”. In this research, the authors propose CamouflageNet, which changes its own configuration when it detects a signal of reconnaissance activity, such as an NMAP scan, during the “Information Gathering Time”. This dynamic reconfiguration forces attackers to waste their valuable “Information Gathering Time” on re-reconnaissance, which disrupts their concentration. CamouflageNet consists of ICS Communication Profiler, Honeypot Generator, Dynamic Traffics Generator and Network Exchanger. This paper also presents an illustrative example of CamouflageNet installed in the authors' cyber-attack test bench.