摘要
The security issues of industrial control systems(ICSs)have become increasingly prevalent.As an important part of ICS security,honeypots and anti-honeypots have become the focus of offensive and defensive confrontation.However,research on ICS honeypots still lacks breakthroughs,and it is difficult to simulate real ICS devices perfectly.In this paper,we studied ICS honeypots to identify and address their weaknesses.First,an intelligent honeypot identification framework is proposed,based on which feature data type requirements and feature data acquisition for honeypot identification is studied.Inspired by vulnerability mining,we propose a feature acquisition approach based on lightweight fuzz testing,which utilizes the differences in error handling between the ICS device and the ICS honeypot.By combining the proposed method with common feature acquisition approaches,the integrated feature data can be obtained.The experimental results show that the feature data acquired is effective for honeypot identification.
基金
This work is supported by the National Key Research and Development Plan(No.2018YFB0803504)
the National Natural Science Foundation of China(Nos.61702223,61702220,61871140,61872420,61602210,U1636215)
the Guangdong Province Key Area R&D Program of China(No.2019B010137004,2019B010136001)
the Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme(2019)
the Guangdong Basic and Applied Basic Research Foundation(2020A1515010450)
the Science and Technology Planning Project of Guangdong(2017A040405029,2018KTSCX016,2019A050510024)
the Science and Technology Planning Project of Guangzhou(201902010041)
the Fundamental Research Funds for the Central Universities(21617408,21619404)
the Opening Project of Shanghai Trusted Industrial Control Platform(TICPSH202003014-ZC).