With the rapid development of the industrial Internet, large numbers of industrial control devices and Internet of Things terminals are being connected, and their security risks are being exposed along with them. In industrial environments, many attacks are carried out by taking control of the underlying devices. Based on this, we design a distributed honeypot system for the industrial Internet (IDP) that consists of a sensor honeypot, a control honeypot and an analysis honeypot, with the aim of protecting the underlying devices of the industrial Internet. The specific research work is as follows. Building on industrial Internet security monitoring technology, we present a distributed honeypot system for the industrial Internet. The functions of the system are defined and its overall design is carried out; the system is divided into three layers: a data capture layer, a data storage layer and a security analysis layer. In the sensor honeypot, a decoy environment and a honeypot capture module are designed. The decoy environment contains a data transfer mechanism that simulates the external characteristics of a sensor, and the capture module performs preliminary processing of the captured data. In the control honeypot, the decoy environment is composed of instruction sending and data receiving, which can respond to an attacker's sniffing requests; its capture module is the same as that of the sensor honeypot. In the analysis honeypot, the DBSCAN and LOF algorithms are combined to identify the abnormal records that distort clustering in the log data set, splitting it into an abnormal data set and a standard data set. For the abnormal data set, we design a TP-Apriori algorithm with time-series prediction that performs sequential pattern mining and correlation analysis of the hidden threats in the data set. For the standard data set, we design a small K-Means algorithm that reduces the time complexity of cluster analysis. In comparative experiments on the CIC-IDS-2017 data set, the algorithms proposed in this thesis achieve better accuracy, precision and recall.
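The following is an added illustration of the DBSCAN/LOF separation step described for the analysis honeypot; it is not code from the thesis. It implements both algorithms in plain Python and uses a constructed set of two-dimensional per-session feature vectors (imagined as normalised request rate and mean payload length). The combination rule (a record is abnormal if DBSCAN marks it as noise or its LOF score exceeds a threshold), the parameters `eps`, `min_pts`, `k` and `lof_threshold`, and the function names are all assumptions made for this example, not the thesis's own design.

```python
"""Split honeypot log records into an abnormal set and a standard set by
combining DBSCAN noise detection with Local Outlier Factor (LOF) scores.

Added example (not from the thesis). Both algorithms are implemented in plain
Python so the file runs offline; the combination rule and all parameters are
assumptions chosen for illustration.
"""
import math
from typing import List, Sequence, Tuple

Point = Tuple[float, float]

# Constructed sample: one scaled feature vector per honeypot session.
# Two tight groups of benign-looking sessions plus three sessions that fit
# neither group (record id = list index).
SAMPLE: List[Point] = [
    (1.0, 1.0), (1.0, 1.2), (1.2, 1.0), (1.2, 1.2), (1.4, 1.0), (1.4, 1.2),  # group A, ids 0-5
    (5.0, 5.0), (5.0, 5.2), (5.2, 5.0), (5.2, 5.2), (5.4, 5.0), (5.4, 5.2),  # group B, ids 6-11
    (9.0, 9.0), (1.0, 5.0), (8.5, 1.0),                                      # isolated, ids 12-14
]


def euclid(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def dbscan(points: Sequence[Point], eps: float, min_pts: int) -> List[int]:
    """Return one label per point: cluster ids 0, 1, ... or -1 for noise.

    A point is a core point when at least min_pts points (itself included)
    lie within eps of it; border points reached from a core point join its
    cluster, everything else stays noise.
    """
    n = len(points)
    neigh = [[j for j in range(n) if euclid(points[i], points[j]) <= eps]
             for i in range(n)]
    labels: List[int] = [None] * n  # type: ignore[list-item]
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        if len(neigh[i]) < min_pts:
            labels[i] = -1  # provisional noise; may be claimed later as a border point
            continue
        labels[i] = cluster
        queue = list(neigh[i])
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            if len(neigh[j]) >= min_pts:  # j is itself core: expand through it
                queue.extend(neigh[j])
        cluster += 1
    return labels


def lof_scores(points: Sequence[Point], k: int) -> List[float]:
    """Return the Local Outlier Factor of every point (about 1.0 inside a
    cluster, much larger for an isolated point)."""
    n = len(points)
    dist = [[euclid(points[i], points[j]) for j in range(n)] for i in range(n)]
    # k nearest neighbours of each point, itself excluded; ties broken by index.
    knn = [sorted((j for j in range(n) if j != i), key=lambda j, i=i: dist[i][j])[:k]
           for i in range(n)]
    kdist = [dist[i][knn[i][-1]] for i in range(n)]

    def reach(i: int, o: int) -> float:
        # reachability distance: never smaller than o's own k-distance
        return max(kdist[o], dist[i][o])

    # local reachability density; the floor guards against duplicate points
    lrd = [k / max(sum(reach(i, o) for o in knn[i]), 1e-12) for i in range(n)]
    return [sum(lrd[o] / lrd[i] for o in knn[i]) / k for i in range(n)]


def split_log_set(points: Sequence[Point], eps: float = 0.3, min_pts: int = 3,
                  k: int = 3, lof_threshold: float = 1.5):
    """Combine both detectors: a record is abnormal if DBSCAN calls it noise
    OR its LOF score exceeds the threshold (assumed union rule).
    Returns (abnormal_ids, standard_ids, dbscan_labels, lof_scores)."""
    labels = dbscan(points, eps, min_pts)
    scores = lof_scores(points, k)
    abnormal = sorted(i for i in range(len(points))
                      if labels[i] == -1 or scores[i] > lof_threshold)
    abn = set(abnormal)
    standard = [i for i in range(len(points)) if i not in abn]
    return abnormal, standard, labels, scores


if __name__ == "__main__":
    abnormal, standard, labels, scores = split_log_set(SAMPLE)
    for i, p in enumerate(SAMPLE):
        print(f"id={i:2d} {p} cluster={labels[i]:2d} lof={scores[i]:6.2f}")
    print("abnormal set:", abnormal)
    print("standard set:", standard)
```

The abnormal set (ids 12 to 14 in the sample) is what a TP-Apriori style pattern-mining pass would consume, while the standard set (the two dense groups) is the input for the lighter-weight clustering; taking the union of the two detectors errs on the side of moving a doubtful record into the abnormal set, which is the safer direction for a honeypot analysis pipeline.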