Cite as: YAO Xu, WANG Gang, REN Xiu-qin, et al. Design and Implementation of Industrial Control Honeypot Based on Power Plant Control System [J]. Computer Technology and Development, 2022, 32(10): 114-119. doi:10.3969/j.issn.1673-629X.2022.10.019

Design and Implementation of Industrial Control Honeypot Based on Power Plant Control System

Computer Technology and Development [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume:
32
Issue:
2022, No. 10
Pages:
114-119
Column:
Cyberspace Security
Publication date:
2022-10-10

Article Info

Article number:
1673-629X(2022)10-0114-06
Authors:
YAO Xu1 WANG Gang2 REN Xiu-qin3 ZHANG Li-fang1 SUN Ye1
1. School of Information Engineering, Inner Mongolia University of Technology, Hohhot 010051, China;
2. Information Construction and Management Center, Inner Mongolia University of Technology, Hohhot 010051, China;
3. Northern United Power Haibowan Power Plant, Wuhai 016000, Inner Mongolia, China
Keywords:
honeypot; industrial control system; network security protection; cuckoo; random forests
CLC number:
TP302
DOI:
10.3969/j.issn.1673-629X.2022.10.019
Abstract:
What distinguishes an industrial control honeypot from an ordinary honeypot is mainly its deployment scenario: an industrial control honeypot is placed inside an industrial control system, where devices communicate over industrial control protocols rather than ordinary Internet protocols. The trapping ability of an industrial control honeypot therefore depends mainly on its level of simulated interaction; how faithfully it imitates protocol communication determines how realistic the trapping environment is. Based on an investigation of a real power plant control system, this paper proposes combining the honeypot with sandbox technology, placing the power plant control system inside a sandbox so that the honeypot reaches high fidelity. Protocol reverse analysis is used to parse the EGD industrial control protocol in depth and capture its characteristics, so that abnormal industrial control traffic and abnormal protocol packets can be sensed promptly. The open-source Cuckoo sandbox framework is used, and the honeypot is deployed with a host/guest machine mechanism so that an attacker who identifies the honeypot cannot use it as a pivot to escape or cause other damage. All suspected attack data captured by the honeypot is analyzed and submitted to the Cuckoo host for secondary analysis, and handling measures are then taken for data judged to be attacks. This provides reliable data for network security administrators and a safer, actively defended network environment for the power plant.


Last update: 2022-10-10