Research On High Interaction Industrial Control Honeypot Technology Based On Mimetic Defense

With the deep integration and development of modern industrial Internet technology and industrial automatic process control and other technical fields,industrial control systems will be more and more widely used in a series of national major infrastructure such as wind power generation,transportation,water conservancy construction.However,with the potential problems of industrial control system equipment itself and the increasing vulnerability of the system,the system security risks faced by industrial control systems and industrial control equipment will also become more and more serious.For the current security problems faced by industrial control systems,security defense solutions that rely on traditional defense technologies are no longer effective and accurate for the security protection of industrial control systems.Therefore,this paper will use honeypot technology for industrial control system security defense,by building and deploying highly simulated virtual industrial control honeypots to trap attackers,so as to achieve the purpose of protecting real industrial control equipment and being able to capture attacker information.In order to prevent the honeypot from being detected by the attacker who uses the honeypot system as a springboard to attack other I&C devices,this paper draws on the technical idea of mimetic defense to build a mimetic I&C honeypot to realize the dynamic protection of the honeypot.The main work of this paper is as follows.(1)In view of the current research status and deficiencies for I&C honeypots,this paper proposes a scheme for building highly interactive I&C honeypots based on the Mini CPS simulation framework.The scheme mainly solves the problem of insufficient interaction capability and poor authenticity of the currently studied industrial control honeypots,by configuring Mininet to simulate the network topology in a real industrial control production environment and emulating the physical process of real industrial control devices,and finally responding the process to the attacker in time,making the attacker think that the honeypot we design is a real industrial control device,thus improving the authenticity of the honeypot;and by integrating the Honeyd framework to simulate industrial control devices(such as PLCs),and improve the interaction capability of the honeypot system by optimizing the framework and extending the scripts for simulating industrial control services.The honeypot system built based on this scheme is experimentally tested to have similar data capture than the common high-interaction industrial control honeypot Xpot,and significantly improved over the medium-interaction honeypot.(2)In view of the fact that most of the current honeypots are dedicated to improving their interaction capability and easy configuration,but no deeper research has been conducted on honeypots to achieve dynamic scheduling,this paper proposes a scheme to build a mimetic industrial control honeypot by combining mimetic defense technology.The mimetic chemical control honeypot system implemented based on mimetic defense can realize the dynamic scheduling defense strategy for heterogeneous industrial control honeypots.The optimized DHR architecture processes the attacker’s input for adjudication,and then judges the reasonableness of the adjudication result again,and finally dynamically schedules the heterogeneous industrial control honeypots according to the reasonableness of the result to prevent the attacker from recognizing the honeypot and causing the capture of the escaped honeypot.This paper verifies the functionality of the mimetic ICH honeypot system through simulation experiments.After the simulation experiments,the realism of the mimetic honeypot system is improved compared with the unmimetic honeypot,and the stability of the honeypot itself is increased.