Design And Implementation Of Industrial Control System Information Security Active Defense System Based On Modbus Protocol

Industrial Control System is widely used in electric power,metallurgy,petrochemical and other important industries as a common control system in the industrial field.However,due to the continuous penetration of traditional information technology into the industrial field,the traditional information network is continuously integrated with the industrial control network,and the industrial control system itself has not considered too much of the safety mechanism at the beginning of design.These several factors have caused the current severe information security situation for ICS.In order to ensure the information security of industrial control systems,this paper addresses the problems of traditional information security defense technology against information security attacks,such as high detection delay,low accuracy,single security capability,and passive defense only,and considers of limited computing resources and in real-time,availability and other characteristics industrial control systems.Through the combination of the intrusion detection system's discovery capability and the trapping ability of the honeypot system,an active information security defense system based on Modbus protocol for industrial control systems was proposed.The system can improve the detection accuracy of unknown attacks,and the rule-based detection method makes the system not only improve the attack detection efficiency but also reduce the false alarm rate.By further industrial camouflage of the system,it can better trap attacks and trace the true identity of the attack.In this paper,an active defense system for industrial control is designed and implemented based on an intrusion detection system and a honeypot system.To focus on industrial control system attacks,the intrusion detection system is configured to retain data traffic only for industrial protocol ports,and import data to the industrial honeypot system.This greatly reduces the amount of data required for post-analysis and improves the efficiency of data analysis.Because of the strong real-time characteristics of industrial control systems,a rulebased intrusion detection method was designed and implemented to reduce the detection delay.For the purpose of confusing attackers,the industrial honeypot system was converted into a power control system to further enhance the honeypot's trapping ability.In addition,the identity traceability module is integrated in the industrial honeypot system,which makes user can quickly locate attackers.Through the functional testing of the active defense system,the system can well trap attackers and record the attack behavior data in detail.Finally,the data is displayed in various aspects through the user interface,makes the researcher to study the attack behavior in-depth,and can quickly locate the location of the attacker through identity tracking function,and obtain their identity information.