Industrial Control System Based On Honeypot Technology Security Research And Application

"Industry 4.0" is an intelligent era in which information technology promotes industrial transformation.With the continuous integration of traditional information technology and industrial control networks,traditional network attacks have gradually penetrated into the field of industrial control.In the face of various attacks against industrial control networks and the evolution of advanced persistent threats(APT,Advanced Persistent Threats)attacks,the information security situation of industrial control systems is becoming more and more serious.In order to improve the information security protection capability of industrial control systems,Aiming at the problem of passive defense and low accuracy of traditional protection technology in industrial control systems,this paper proposes to use honeypot technology to introduce Modbus TCP data into the honeypot system,analyze its activity records in the honeypot and complete anomaly detection,thereby improving intrusion Detection rate,and built an industrial control network intrusion trap system based on honeypot technology.First,it introduces the relevant concepts of industrial control systems,studies the existing security threats and attack methods in the field of industrial control,focuses on the security problems of typical industrial control protocol Modbus TCP,and introduces two current mainstream information security protection technologies: intrusion detection Compared with the honeypot technology,the advantages and disadvantages of the two technologies are compared.Secondly,in view of the shortcomings of the abnormal detection of Modbus TCP protocol,the honeypot technology was used to introduce Modbus TCP protocol into the honeypot system,study its activity records in the honeypot system,extract the characteristics of Modbus TCP communication behavior and activity characteristics based on honeypot technology The kernel principal component analysis method optimizes the extracted features;according to the characteristics of the unbalanced positive and negative samples flowing through the honeypot,a weighted support vector machine classification algorithm is used to construct an anomaly detection algorithm.And through simulation experiments,it is verified that Modbus TCP anomaly detection algorithm integrating honeypot features has a high detection rate while ensuring the detection rate.Finally,aiming at the security protection of industrial control systems,an industrial control network intrusion trapping system was constructed using honeypot technology,and the intrusion trapping system under industrial control environment was designed and completed.The system mainly includes a honeypot improvement module,a honeypot camouflage module and a honeypot management module.The honeypot improvement module is mainly tailored to the shortcomings of the selected honeypot and the shortage of the simulated protocol;the honeypot camouflage module is to better trap the intrusion attack and disguise the honeypot system as an intelligent power conversion system;Management honeypot and data visualization of attack information,and secondary development of open source honeypot framework.Finally,an industrial control network intrusion trap system was built using Conpot honeypot and open source honeypot management framework MHN.The simulation and result analysis of the trap system were carried out.The experimental results proved the effectiveness of the system.