Design And Implementation Of ICS Threat Perception Platform Based On Honeypot

The rapid development of science and technology promotes the integration of information technology and industrialization.As more and more attack events on industrial control systems gradually expose to the public's vision,industrial safety issues cause widespread concern in the society.Traditional passive safety defense means can not supply effective protection against unknown network attacks and Advanced Persistent Threats(APT)anymore.In order to explore an effective active security defense method,this paper designs and implements an ICS threat perception platform based on honeypot technology.The purpose of the platform is to capture and analyze the attack traffic to the industrial control system in the cyberspace.By studying the attack mothed of the attacker and tracing their true identity,the platform can make a better response when unknown network attacks come.First of all,this paper designs and implements a low interaction industrial honeypot named SuperPot.The honeypot integrates remote data push function based on publish/subscribe mechanism and can capture attack data for24 kinds of industrial protocols.Secondly,this paper improves the function of“hpfeeds”(an open source publish/subscribe protocol)according to the platform requirements.The application of improved “hpfeeds” to the server-side of platform achieves the distributed supervision and real-time data collection of accessed honeypot.Then,according to the characteristics of the platform itself,this paper designs and implements data persistence middleware based on channel division.It can transform and persist the attack data within the same channel.Finally,this paper realized the ICS threat perception platform based on honeypot technology.The proposed platform can realize real-time analysis and visualization of the captured attack traffic data,perceive the current cyberspace industrial threat situation within the scope of the ability,and provide an effective security event analysis interface.By setting up ICS threat perception platform on the Internet,for 9 months time without interruption to collect industrial control system attack data.Through the analysis of the large amount of data collected by the platform from multiple dimensions,theactual effect of this platform is verified using examples.