Design And Implementation Of Industrial Internet Honeypot System Based On Modbus Protocol

With the advent of the "Internet plus" era,the development mode of combining Internet technology with traditional industries has gradually formed.Industrial Internet technology has emerged and its security issues are becoming more and more important.Honeypot technology of industrial Internet is a kind of technology that can discover attack and identify attack intention through camouflage of industrial control equipment and collection and monitoring of attack information.It can play an effective security support for industrial Internet.However,there are some problems existing in the research and products of industrial Internet honeypot,such as weak hiding ability and limited attack discovery ability,which often fail to play its due role because it is easy to be detected by the attacker or unable to identify the attacker's attack.In order to solve these problems,this paper designs and implements an industrial Internet honeypot system based on Modbus protocol.The system can optimize the hiding ability and embedding attack discovery ability of honeypots,so as to solve the functional pain points of existing honeypot products.Specifically,this paper has done the following work:1.Design and implement a honeypot hiding optimization framework.Through the design of scheduling algorithm based on load balancing,consistency detection based on information collection and extended instruction base based on Modbus protocol,the framework is applied to three sub modules:interactive scheduling,validation analysis and information generation,which solves the common problems of honeypot,such as lack of efficient scheduling mechanism,weak cross validation ability and lack of information Lack of the pain point of the expansibility support of the protocol optimizes the hiding ability of the honeypot system;2.Design and implement a discovery method for industrial Internet implant attack.This method determines the existence of implantable attack through cross verification of traffic information and register information and filtering of IP,recovers the implantable content of attack through extraction and splicing of attack load,and finally judges the attack threat through threat determination,records and reports it,which can effectively discover and forensics the industrial Internet implantable attack based on modbus,and solves the problem that the industrial honeypot cannot Identify the pain point of the implanted attack,and optimize the attack discovery ability of honeypot;3.Design and implement the honeypot system of industrial Internet based on hidden optimization framework and embedded attack discovery method.The system adopts distributed architecture,uses multi-type database and multi service support,provides front-end query interface and back-end service interface,divides the functional modules into four parts:interactive hiding,information collection,attack identification and threat analysis,which can well support the application of the honeypot optimization innovation technology;4.The experiment of optimizing function and performance of honeypot system is designed.Through the test of honeypot hiding ability and implanted attack recognition ability,the effectiveness and optimization of the system in hiding camouflage ability and implanted attack discovery ability are proved,and then the reliability and availability of the system are proved.