CN111447230A - High-sweetness high-interaction industrial honey pot device and method - Google Patents
High-sweetness high-interaction industrial honey pot device and method Download PDFInfo
- Publication number
- CN111447230A CN111447230A CN202010232244.8A CN202010232244A CN111447230A CN 111447230 A CN111447230 A CN 111447230A CN 202010232244 A CN202010232244 A CN 202010232244A CN 111447230 A CN111447230 A CN 111447230A
- Authority
- CN
- China
- Prior art keywords
- protocol
- interaction
- industrial
- improvement
- simulation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A high-sweetness and high-interaction industrial honey pot control device and method can provide dynamic HMI display to the outside, have rich Web interaction response behaviors and accurately simulate an HMI interface of real equipment. For the interaction of the protocol messages from the outside, the protocol messages can be accurately analyzed according to the protocol standard, and reply responses can be carried out on various protocol messages. The dynamic data can be provided for the two points, and various dynamic behaviors of the equipment can be simulated to provide data according with the state change rule of the equipment.
Description
Technical Field
The invention relates to the technical field of industrial information safety, in particular to a high-sweetness and high-interaction industrial honey pot control device and method, and particularly relates to a device and method for explaining how to improve the interactivity of honey pots and further improve the interactivity of honey pots of an industrial control system mainly from three aspects of protocol simulation, human-computer interaction interface and equipment simulation.
Background
Industrial control refers to industrial automation control and is mainly realized by combining electronics, electricity, machinery and software. I.e., industrial control, or factory automation. Mainly means that the production and the manufacturing process of a factory are more automated, efficient and accurate by using a computer technology, a microelectronic technology and an electrical means, and the method has controllability and visibility. At present, few researches on high-interaction honeypots for industrial control are carried out, mainly, security enterprises carry out researches on industrial control honeypots, the purposes of the researches are that the researches are used for threat early warning under the condition that mobile phones threaten information data, most of the researches are carried out by using open-source low-interaction honeypots for secondary development, interactivity is low, and reliability of collected data is low. The Conpot is an open source honeypot simulating industrial control equipment, is a low-interaction industrial control honeypot and focuses on information collection.
The problems of the low-interaction industrial honey pot such as Conpot are as follows:
1) the Conpot is used as a low-interaction honeypot, the provided protocol function is limited, collected data cannot well express behaviors of attackers, and the method has the main problems that the Conpot only provides a framework for simulating industrial control equipment, has a static page display function and is easy to realize by a protocol server, the Conpot is easy to identify, an HMI (human machine interface, also called human machine interface or user interface) mainly can only provide a static interface, and the protocol server only realizes message receiving and simple identification of whether messages are legal, and does not realize the actual function of the protocol. From an attacker perspective, Conpot can provide an attacker with very limited interaction.
2) The protocol simulated is simple, Conpot by default simulates the Siemens SIMATICS 7-200P L C with Modbus and S7comm links-its default configuration can be extended to simulate other Siemens P L C using the proprietary S7comm protocol, but the implementation of the S7comm protocol is quite incomplete, and currently only reads entries of the system status list.
Disclosure of Invention
In order to solve the problems, the invention provides a high-sweetness and high-interaction industrial honey pot device and a method, which are mainly improved based on an open-source industrial honey pot configuration, so that the open-source industrial honey pot configuration has the capability of simulating complex industrial control equipment.
In order to overcome the defects in the prior art, the invention provides a solution of a high-sweetness high-interaction industrial honey pot device and a method, which comprises the following specific steps:
a high-sweetness high-interaction industrial honey pot device comprises:
a processing terminal with an improved industrial control honeypot concot;
and the processing terminal is in communication connection with the Web server.
The improved industrial control honeypot Conpot comprises a design module, a protocol improvement module and a simulation improvement module;
the design module is used for HMI dynamic interactive design;
the protocol improvement module is used for improving an ICS protocol;
the simulation improvement module is used for device simulation improvement.
A method for high-sweetness high-interaction industrial honeypot device comprises the following steps:
step 1: HMI dynamic interactive design;
step 2: improvement of the ICS protocol;
and step 3: and (5) improving the simulation of the equipment.
The HMI dynamic interactive design of the step 1 comprises the following steps: improvements to the static HMI are made from the Web server and data dynamic presentation aspects, including improvements in interface titles, login or logout, icon refreshing, and chart printing.
The improvement in the interface title comprises: the dynamic display part is used for dynamically displaying the name, date and time of the interface title;
the improvement of logging in or out comprises: the dynamic display part is used for dynamically displaying a user login and authority verification interface;
the improvement of icon refresh comprises: for an icon refresh page with an automatic update function, which can be obtained from a Web server, the automatic update function can be enabled or disabled;
the improvement in chart printing comprising: a printable version of a current page is prepared and displayed having a navigation area for switching pages, and a content area of the page currently displayed for viewing.
The improvement of the ICS protocol of step 2 comprises: the implementation of the S7 protocol in the industrial control honeypot Conpot is improved, so that the simulation of the protocol is more complete.
The protocol simulation is more complete by classifying the structures of two word domains of connection establishment and read-write variable through analyzing the collected data packet, realizing the function which is not realized by the S7 protocol in the industrial control honey pot Conpot, improving the analysis function of the industrial control honey pot Conpot to the S7 protocol, and realizing the improved realized protocol functions of writing variable, PI service, uploading, P L C operation, SZ L reading, block list reading and clock operation.
The equipment simulation improvement of the step 3 comprises the steps of simulating an equipment operation mechanism of the P L C through realizing general information class, state class and memory class of the P L C and a P L C main class in an industrial control system, improving the industrial control honey pot control to enable the industrial control honey pot control to have an equipment simulation function, simulating the initial state of the equipment P L C when the industrial control honey pot control is operated, simulating parameter changes through the initialization operation of the P L C function class, and displaying in real time on an HMI interface.
The invention has the beneficial effects that:
1) the method can provide dynamic HMI display to the outside, has rich Web interaction response behaviors, and accurately simulates the HMI interface of real equipment.
2) For the interaction of the protocol messages from the outside, the protocol messages can be accurately analyzed according to the protocol standard, and reply responses can be carried out on various protocol messages.
3) The dynamic data can be provided for the two points, and various dynamic behaviors of the equipment can be simulated to provide data according with the state change rule of the equipment.
Drawings
Fig. 1 is a schematic configuration diagram of a high-sweetness high-interaction industrial honey pot device according to the present invention.
Detailed Description
According to the defects of the prior art, the invention aims to provide a method for realizing a high-interaction industrial control honeypot, and the problem of low recognition rate of the Conpot to the protocol request is solved.
The invention will be further described with reference to the following figures and examples.
As shown in fig. 1, the high-sweetness high-interaction industrial honey pot device comprises:
a processing terminal with an improved industrial control honeypot concot; and the processing terminal is in communication connection with the Web server. The processing terminal can be a PC or a notebook computer. The improved industrial control honeypot Conpot comprises a design module, a protocol improvement module and a simulation improvement module; the design module is used for HMI dynamic interactive design; the protocol improvement module is used for improving an ICS protocol; the simulation improvement module is used for device simulation improvement.
The method for the high-sweetness high-interaction industrial honeypot device comprises the following steps:
the method improves the traditional Conpot-based industrial control honeypot from the three aspects of designing a dynamic HMI (human machine interface), improving an ICS (Internet control System) protocol and improving industrial control equipment simulation, and the improved industrial control honeypot can improve the high interactivity of P L C simulation, is easy to configure and does not need to be combined with real industrial control equipment, so that the simulation cost consumption is reduced.
Step 1: HMI dynamic interactive design;
step 2: improvement of the ICS protocol;
and step 3: and (5) improving the simulation of the equipment.
The HMI dynamic interactive design of the step 1 comprises the following steps: improvements to the static HMI are made from the Web server and data dynamic presentation aspects, including improvements in interface titles, login or logout, icon refreshing, and chart printing.
The improvement in the interface title comprises: the dynamic display part is used for dynamically displaying the name, date and time of the interface title;
the improvement of logging in or out comprises: the dynamic display part is used for dynamically displaying a user login and authority verification interface;
the improvement of icon refresh comprises: for an icon refresh page with an automatic update function, which can be obtained from a Web server, the automatic update function can be enabled or disabled;
the improvement in chart printing comprising: a printable version of a current page is prepared and displayed having a navigation area for switching pages, and a content area of the page currently displayed for viewing.
The improvement of the ICS protocol of step 2 comprises: the implementation of the S7 protocol in the industrial control honeypot Conpot is improved, so that the simulation of the protocol is more complete.
The protocol simulation is more complete by analyzing the collected data packets, classifying the structures of two word domains of connection establishment and read-write variables, realizing the function of the industrial control honey pot Conpot which is not realized by the S7 protocol, improving the analysis function of the industrial control honey pot Conpot to the S7 protocol, and realizing the protocol functions after improvement, wherein the improved realized protocol functions comprise variable writing, PI service, uploading, P L C operation, SZ L reading, block list reading and clock operation, the variable writing is a value written into the variable, the PI service is a virtual window for visually displaying the industrial control production process, the uploading is the outward transmission of data by P L C, and the P L C operation comprises the electrification of P L C.
The equipment simulation improvement of the step 3 comprises the steps of simulating an equipment operation mechanism of a P L C through a P L C main class, a general information class, a state class and a memory class of a P L C in an industrial control system, improving the industrial control honey pot Conpot to enable the industrial control honey pot Conpot to have an equipment simulation function, simulating an initial state of the equipment P L C when the industrial control honey pot Conpot is operated, simulating parameter changes through the initialization operation of the P L C function class, and displaying the parameter changes on an HMI interface in real time, wherein the general information class, the state class, the memory class and the P L C main class are defined in a C + + class definition mode.
The advantages of such a method are:
1. the interactivity simulated by the P L C is improved, the configuration is easy, and response reply can be carried out on various protocol messages.
2. Real industrial control equipment is not needed to be combined, and consumption of simulation cost is reduced.
3. The recognition rate of the protocol request is greatly improved.
The present invention has been described in an illustrative manner by the embodiments, and it should be understood by those skilled in the art that the present disclosure is not limited to the embodiments described above, but is capable of various changes, modifications and substitutions without departing from the scope of the present invention.
Claims (8)
1. A high-sweetness high-interaction industrial honey pot device is characterized by comprising:
a processing terminal with an improved industrial control honeypot concot;
and the processing terminal is in communication connection with the Web server.
2. The high-sweetness high-interaction industrial honey pot apparatus of claim 1, wherein the modified industrial honey pot concot comprises a design module, a protocol modification module and a simulation modification module;
the design module is used for HMI dynamic interactive design;
the protocol improvement module is used for improving an ICS protocol;
the simulation improvement module is used for device simulation improvement.
3. A method for high-sweetness high-interaction industrial honeypot device is characterized by comprising the following steps:
step 1: HMI dynamic interactive design;
step 2: improvement of the ICS protocol;
and step 3: and (5) improving the simulation of the equipment.
4. The method for high-intensity high-interaction industrial honeypot apparatus as claimed in claim 3, wherein the HMI dynamic interaction design of step 1 comprises: improvements to the static HMI are made from the Web server and data dynamic presentation aspects, including improvements in interface titles, login or logout, icon refreshing, and chart printing.
5. The method of high intensity sweet potato honeypot system of claim 4 wherein the interface headings are modified by: the dynamic display part is used for dynamically displaying the name, date and time of the interface title;
the improvement of logging in or out comprises: the dynamic display part is used for dynamically displaying a user login and authority verification interface;
the improvement of icon refresh comprises: for an icon refresh page with an automatic update function, which can be obtained from a Web server, the automatic update function can be enabled or disabled;
the improvement in chart printing comprising: a printable version of a current page is prepared and displayed having a navigation area for switching pages, and a content area of the page currently displayed for viewing.
6. The method of high-intensity high-interaction honeypot apparatus as claimed in claim 3, wherein the improvement of the ICS protocol of step 2 comprises: the implementation of the S7 protocol in the industrial control honeypot Conpot is improved, so that the simulation of the protocol is more complete.
7. The method for high-sweetness high-interaction industrial honeypot device according to claim 6, wherein the step of improving the simulation of the protocol comprises the steps of classifying the structures of two word domains of 'connection establishment' and 'read-write variable' by analyzing the collected data packet, realizing the functions of the industrial honeypot Conpot that are not realized by the S7 protocol, improving the analysis function of the industrial honeypot Conpot to the S7 protocol, and realizing the improved functions of the protocol, such as variable write, PI service, upload, P L C operation, SZ L reading, block list reading and clock operation.
8. The method for high-sweetness high-interaction industrial control honey pot device according to claim 3, wherein the equipment simulation improvement of step 3 comprises the step of simulating the equipment operation mechanism of P L C by realizing the general information class, the state class, the memory class and the P L C main class of P L C in the industrial control system, so that the industrial control honey pot is improved to have the function of equipment simulation, the initial state of the equipment P L C can be simulated during the operation of the industrial control honey pot, and then parameter changes are simulated through the initialization operation of the P L C function class and are displayed in the HMI interface in real time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010232244.8A CN111447230A (en) | 2020-03-27 | 2020-03-27 | High-sweetness high-interaction industrial honey pot device and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010232244.8A CN111447230A (en) | 2020-03-27 | 2020-03-27 | High-sweetness high-interaction industrial honey pot device and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111447230A true CN111447230A (en) | 2020-07-24 |
Family
ID=71651343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010232244.8A Pending CN111447230A (en) | 2020-03-27 | 2020-03-27 | High-sweetness high-interaction industrial honey pot device and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111447230A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113162948A (en) * | 2021-05-12 | 2021-07-23 | 上海交通大学宁波人工智能研究院 | Modularized industrial control honey pot system |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108600193A (en) * | 2018-04-03 | 2018-09-28 | 北京威努特技术有限公司 | A kind of industry control honey jar recognition methods based on machine learning |
-
2020
- 2020-03-27 CN CN202010232244.8A patent/CN111447230A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108600193A (en) * | 2018-04-03 | 2018-09-28 | 北京威努特技术有限公司 | A kind of industry control honey jar recognition methods based on machine learning |
Non-Patent Citations (1)
| Title |
|---|
| 赵春辉: "基于工业业务的ICS高交互蜜罐技术研究与威胁情报分析", 《中国优秀硕士学位论文全文数据库(电子期刊) 信息科技辑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113162948A (en) * | 2021-05-12 | 2021-07-23 | 上海交通大学宁波人工智能研究院 | Modularized industrial control honey pot system |
| CN113162948B (en) * | 2021-05-12 | 2022-07-26 | 上海交通大学宁波人工智能研究院 | Modularized industrial control honey pot system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9161238B2 (en) | Mobile device monitoring and testing | |
| CN110673777A (en) | Online teaching method and device, storage medium and terminal equipment | |
| Simões et al. | Personal Learning Environment Box (PLEBOX): A new approach to E‐learning platforms | |
| CN105120006A (en) | Live commenting control method, live commenting server and live commenting control device for electronic readings | |
| CN110012165B (en) | Method and device for presenting session list page and readable medium | |
| US11245601B2 (en) | Automated integrated test system and method thereof | |
| US20190251186A1 (en) | Content management infrastructure for conversion of structured data | |
| US20130164719A1 (en) | Digital math tutorial for students | |
| Viscomi et al. | Using WebPageTest: web performance testing for novices and power users | |
| CN106550235A (en) | A kind of processing method of failure messages of set top box, device and Set Top Box | |
| CN111447230A (en) | High-sweetness high-interaction industrial honey pot device and method | |
| US11709991B2 (en) | Detecting truncation and overlap defects on webpage | |
| CN107103743A (en) | A kind of carrier wave integrates the message processing method of copy controller | |
| US20190251145A1 (en) | System for markup language conversion | |
| US20190251146A1 (en) | Device for rendering markup language with structured data | |
| CN109710866A (en) | Image display method and device in online document | |
| CN113626129B (en) | Page color determination method and device and electronic equipment | |
| CN110188257A (en) | A kind of mobile application collecting method and device | |
| JP2024505316A (en) | Application testing methods, equipment, electronic equipment and storage media | |
| Zhen | An English mobile learning platform embedded in GSM-R wireless network communication | |
| JP5275540B2 (en) | Annotation utilization program and annotation utilization apparatus | |
| JP5749611B2 (en) | Annotation display control system, annotation display control program, and annotation display control method | |
| CN118070763A (en) | Course editing processing method, device and medium for industrial control network target range teaching | |
| CN109271773A (en) | Man-machine identification, verifying, data processing method and device | |
| Gânsac et al. | E-learning platform for cybersecurity of scada systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200724 |
|
| RJ01 | Rejection of invention patent application after publication |