Interplay between malware epidemics and honeynet potency in industrial control system network

The Industrial Control System (ICS) is widely used in industrial processes, such as power grids, water conservancy, natural gas, petrochemical and so on. More and more cyber attacks are targeting the ICS worldwide. This paper presents a novel honeynet-based epidemic model in ICS network. The honeynet is an active approach that can attract malware attacks and provide sample information and immunization strategy of the malware. An epidemic model with immunization and quarantine in ICS network is formulated to explore the dynamics of the malware propagation, and the honeynet potency is analyzed as well. Theoretical analysis reveals the disease-free and endemic equilibrium of our model, then the local and global stability of the disease-free (endemic) equilibrium are examined by the basic reproduction number. Furthermore, numerical experiments show that the honeypot with more system vulnerabilities is conducive to suppress the malware epidemic, and the honeynet with lower average degree power low index can be more effectively. In addition, simulation experiments provide the actual behavior of malware propagation in the ICS network and verification of our derivations.