| Cybersecurity of industrial control systems has been increasingly severe,and passive defense against intrusion cannot fully guarantee network security,thus,active defense is becoming a new requirement for modern cybersecurity.Research on honeypot as a typical active defense method has become crucial in the field of cybersecurity locally and abroad.the urban gas transmission and distribution SCADA system play an important role in social development and citizen's lives.Powerful as the system is,it still has a fatal vulnerability in defending against potential cyber threats.On the other hand,implementing honeypot technology in SCADA systems faces two major difficulties: a single honeypot is unrealized to attract and capture deep attacks due to limited simulation and interactivity;what's more,honeynet deployment is costly,and the critical requirements make it elusive to achieve large-scale deployment.Virtual network is light and more flexible than traditional networks,therefore,we designed and implemented a gas delivery SCADA honeynet system via combining virtual network with honeypot providing for less budget,ease of deployment and high simulation.Designed for a hypothetical attacker model,this honeynet system was implemented in a modular manner,and was divided into three modules of distinct function,namely Module of Simulation,Data Acquisition and Security Operation.The simulation module was highlighted,which was the simulation of the city gas SCADA platform.The real network topology and equipment was simulated using Mininet,and the configuration of the gateway,bandwidth,delay and packet loss were customized;what's more,Conpot was employed to realize the interaction of protocol layers,the defects of Conpot honeypot were improved additionally,including the anti-recognition and interaction capabilities;further,python Web framework was utilized to simulate human machine interface(HMI),including the business process and Web services of SCADA system,which greatly promoted the authenticity of honeynet system and also provided a new path for attackers.In the attack test,the reconnaissance scan attack showed the adequate simulation of the urban gas transportation SCADA platform by this system and its interactive capabilities,furthermore,the man-in-the-middle attack script test proved its ability to capture such complex attacks.Finally,the honeynet was deployed to the external network,and analysis of captured attack data indicated the significant advantages and practical value of our system. |
PDF Full Text Request