摘要
工业控制系统蜜罐存在系统信息容易被攻击者嗅探,安全性不能满足要求的问题。针对此问题,提出一种改进的Conpot蜜罐方案,针对Conpot蜜罐设计时存在指纹信息的缺陷,对配置文件中序列号等指纹进行擦除和替换,并依据实际PLC指纹对蜜罐XML配置文件重新配置以仿真S7-400设备。为使生成序列号与真实PLC在面对攻击者扫描时格式一致,在对PLC命名规则分析基础上,采用格式保持加密算法进行相关字段的生成,从而提高安全性。验证了所提方案可有效提高Conpot蜜罐的安全性。
Honeypot is an active defense technology,which can make up for the low efficiency of the unknown threat detection system.It is of great importance to the security of industrial control systems.Currently,the ICS honeypot has the deficiency that system information can be easily sniffed by attackers.Addressing the problem,an improved honeypot scheme based on Conpot is proposed.In the proposed scheme,the fingerprints are erased and replaced in the configuration file to address the shortcomings of the fingerprint information in the Conpot honeypot.And then the XML configuration file is reconfigured to emulate the S7-400 device based on the actual programmable logic controllers fingerprints.Further,in order to make the generated sequence number consistent with the format of the real PLC in the face of the attacker’s scan,the format-preserving encryption algorithm is introduced.The proposed scheme is experimentally verified to be effective in improving the safety of the Conpot honeypot.
作者
崔永富
翟江涛
林鹏
许历隆
CUI Yongfu;ZHAI Jiangtao;LIN Peng;XU Lilong(School of Electronic & Information Engineering, Nanjing University of Information Science & Technology, Nanjing 210044, China)
出处
《重庆理工大学学报(自然科学)》
CAS
北大核心
2022年第4期170-176,共7页
Journal of Chongqing University of Technology:Natural Science
基金
国家自然科学基金项目(U1836104,61801073,61931004,62072250)
南京信息工程大学人才引进启动基金项目(2020r061)。
关键词
蜜罐
Conpot
格式保持加密
工业控制系统
honeypot
Conpot
format-preserving encryption
industrial control system24
