Research On Ship Network Based On Honeypot Technology

Ship network is a comprehensive network which integrates industrial control network and has many kinds of intelligent equipment and instruments.The emergence of "Seismic Network" and other attacks against industrial control network makes people have a new understanding of the safety of industrial control network,and also makes the ship network face more severe security challenges.This paper studies the technology of ship honeypot network.Aiming at the problem that fingerprint information of industrial honeypot is not perfect and can't support large-scale deployment with deception and interaction,a ship honeypot system with high security is designed and implemented.The main work is as follows:1.In view of the shortcomings of the current typical SNAP7 industrial honeypot in terms of security,this paper proceeds from the anti-honeypot technology and eliminates its fingerprint information,thus effectively improving its security;2.The architecture characteristics of typical ship network are analyzed in depth.Based on Docker container,a ship network honeypot system supporting S7 protocol,SNMP protocol and Web protocol is designed and developed,which can resist the recognition of existing typical scanning tools.3.Based on the mature Internet honeypot technology and the characteristics of ship network structure,this paper analyses the ship network honeypot system,and designs and implements a new type of ship network honeypot architecture with data monitoring and behavior recording function modules.At the same time,this paper proposes to introduce load balancing algorithm in the construction of ship network Honeynet system,which optimizes the resource utilization of the system,and provides a new networking architecture model for ship network Honeynet system.4.Based on ELK+IMUNES framework,threat perception system for ship network honeypot system is designed and implemented through self-developed asset information acquisition and omission module,combined with Suricata and Internet honeypot module.Through the deployment and test of the above-mentioned ship network Honeynet system,this paper verifies that the developed system has good deception ability and threat data capture performance,and also has good performance in threat perception of ship network,which has important theoretical significance and reference value for improving ship network security.Finally,the full text is summarized and the direction of further research is pointed out.