With the development of Internet technology, its application scenarios keep increasing. In the field of industrial control, more and more industrial control systems are connected to the Internet, exposing industrial control networks to many attackers. These systems were not originally designed with Internet application scenarios in mind, so most industrial control systems have no security protection measures against Internet attacks. As a result, a large number of industrial control system information security problems have been exposed and maliciously exploited by Internet attackers. With the emergence of new technologies and formats such as Industry 4.0 and the Industrial Internet, the deep integration of industrialization and informatization has greatly improved the level of automation, networking and intelligence of industrial control systems. While this brings convenience to industrial control systems, it also brings the security attacks faced by the traditional Internet into the field of industrial control. In recent years, industrial control network security incidents have received more and more attention. The number of vulnerabilities in various industrial control equipment has continued to increase, and higher-level advanced persistent threats (APTs) have also been exposed. These pose a greater threat to industrial control systems and cause large losses of manpower and material resources, and the information security situation in the industrial field is very grim. Faced with new types of information security threats and attack methods, traditional passive security protections, such as firewalls and gatekeepers, can no longer fully meet the actual needs of industrial information security protection, and the limitations of their own technical characteristics make greater breakthroughs difficult. Research on new security protection technologies is urgently needed.

The industrial trapping system designed in this paper is mainly based on honeypot technology, which can capture attack data, analyze it, and capture the characteristics of attackers so that better defense strategies can be made. Honeypot technology is a new type of active network security protection technology: by attracting attackers to attack it, it can capture more information about attackers than other defense methods. First, in terms of security defense and threat warning capabilities, the honeypot system exposes itself to the attacker's line of sight as bait to attract attacks, then captures the attacker's fingerprint information, diverts the attacker's attention, and protects the real industrial control system, guiding its reinforcement and protection measures and strategies. Second, because industrial control systems have extremely high real-time requirements, some traditional vulnerability scanners may have an unnecessary impact on their performance, and even small delays may affect normal production, so vulnerability discovery in control systems is often not accepted by factories. A honeypot can record all packets of the connections made to it, and it can be deployed on a separate network segment without affecting the process or delaying the continuous operation of the industrial control system.

This thesis designs and implements an industrial trapping system based on a honeypot system. It collects the attack data captured by the honeypot and visualizes it, then analyzes it with the t-distributed stochastic neighbor embedding (t-SNE) algorithm, which maps attack behavior into two-dimensional space. This enables horizontal and vertical correlation comparison and eigenvalue analysis, and, combined with visualization methods, shows how tightly the attack behaviors are related, giving security personnel more effective help with protection. In addition, custom attacks are launched against the honeypot on the internal network, and classification algorithms are used for supervised learning on the collected attack data. The gradient boosting and logistic regression algorithms are compared in classifying the attacker's attack method, giving the system the ability to predict attack patterns.