摘要
针对工业控制系统蜜罐在设计时,未充分考虑工业互联网协议模型,使得攻击者可以通过对交互过程中的协议分析实现蜜罐识别的问题,提出了一种基于协议建模的高交互性工业控制系统蜜罐构建方法。所提方法通过采用Petri网对工业控制系统蜜罐和工业控制系统PLC设备的S7comm协议通信过程进行形式化建模,对该模型进行形式化分析比对,并对比对中检测到的S7comm协议交互漏洞进行了改进。实验结果表明,采用Petri网的工业控制系统蜜罐协议建模能够抵抗基于协议分析的蜜罐识别方法,有效提高Conpot蜜罐的交互性。
In view of the problem that industrial control system honeypot is not fully considered in the design of industrial control system honeypot,so that attackers can realize honeypot identification by protocol analysis in the process of interaction,this paper presents a method of honeypot construction for high interactivity industrial control system based on protocol modeling.The proposed method uses Petri net to model and formally analyze the communication process of S7comm protocol for industrial control system honeypot and industrial control system PLC equipment respectively,and improves the S7comm protocol mutual vulnerability detected in the model.The experimental results show that the industrial honeypot protocol modeling using Petri net can resist the honeypot identification method through protocol analysis,and effectively improve the security and interactivity of Conpot honeypot.
作者
崔永富
翟江涛
刘光杰
Cui Yongfu;Zhai Jiangtao;Liu Guangjie(School of Electronics and Information Engineering,Nanjing University of Information Science&Technology,Nanjing Jiangsu,210044)
出处
《工业信息安全》
2022年第4期6-16,共11页
Industry Information Security
