Multimode honeypot system and data analysis method thereof

A data analysis and multi-node technology, applied in transmission systems, electrical components, etc.

Active Publication Date: 2017-11-17
BEIHANG UNIV

AI Technical Summary

Problems solved by technology

Even a single honeypot that simulates industrial control equipment with high fidelity cannot attract attackers to perform scanning and read/write operations.
In addition, the ultimate purpose of a honeypot is to extract key scanning and attack signatures and fingerprints. Currently, neither industry nor the research community has a practical method for extracting scanning and attack signatures for PLC equipment and systems.

Embodiment Construction

[0041] In order to understand the characteristics and technical contents of the embodiments of the present invention in more detail, the implementation of the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. The attached drawings are only for reference and description, and are not intended to limit the embodiments of the present invention.

[0042] The technical solution of the embodiment of the present invention proposes a multi-node honeypot system, and the multi-node honeypot system builds a simulated industrial control system based on virtual honeypot technology.

[0043] In the technical solution of the embodiment of the present invention, in order to adapt to the multi-node topology structure, corresponding modifications are made to the single-node honeypot system. In order to facilitate the understanding of the multi-node honeypot system, the following explains the single-node honeypot system first, whe...

Abstract

The invention discloses a multimode honeypot system and a data analysis method thereof. The system comprises a plurality of single-node honeypot systems, and the single-node honeypot systems are connected with each other to form a network topological structure. The method comprises the steps of: obtaining the original data of each single-node honeypot system; carrying out feature screening of the original data through a PCA (principal component analysis) method to obtain the intermediate data; carrying out clustering analysis and supervised learning on the intermediate data to obtain a plurality of clusters, wherein each cluster comprises a plurality of examples; carrying out association rule extraction on the hostile attack commands in each cluster; and taking the extracted association rules as the attack features and storing the attack features in a feature mark set.
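The final step of the method, association-rule extraction inside one cluster, is sketched below as an added example; it is not code from the patent. The sessions are constructed, representing each session as a set of Modbus function-code labels is an assumption, and since the text shown here names no mining algorithm, plain pairwise support/confidence counting with illustrative thresholds is used.

```python
from collections import Counter
from itertools import combinations

# Constructed sample: one cluster of honeypot sessions, each reduced to the set
# of Modbus function codes observed (assumed representation, not the patent's).
CLUSTER = [
    {"fc43_read_device_id", "fc03_read_holding", "fc16_write_multiple"},
    {"fc43_read_device_id", "fc03_read_holding", "fc16_write_multiple"},
    {"fc43_read_device_id", "fc03_read_holding"},
    {"fc03_read_holding", "fc16_write_multiple"},
    {"fc43_read_device_id", "fc01_read_coils"},
]

def extract_rules(sessions, min_support=0.4, min_confidence=0.7):
    """Return {(antecedent, consequent): (support, confidence)} for 1->1 rules."""
    n = len(sessions)
    if n == 0:
        return {}  # an empty cluster yields no rules
    item_count, pair_count = Counter(), Counter()
    for s in sessions:
        item_count.update(s)
        pair_count.update(combinations(sorted(s), 2))
    rules = {}
    for (a, b), both in pair_count.items():
        support = both / n  # fraction of sessions containing both commands
        if support < min_support:
            continue
        for x, y in ((a, b), (b, a)):
            confidence = both / item_count[x]  # P(y seen | x seen)
            if confidence >= min_confidence:
                rules[(x, y)] = (round(support, 2), round(confidence, 2))
    return rules

def build_feature_set(clusters):
    """Union of rule keys over all clusters: the 'feature mark set' of the abstract."""
    feature_set = set()
    for sessions in clusters:
        feature_set.update(extract_rules(sessions))
    return feature_set

if __name__ == "__main__":
    for rule, stats in sorted(extract_rules(CLUSTER).items()):
        print(rule, stats)
```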

Description

Technical field

[0001] The invention relates to the technical field of industrial control system security, in particular to a multi-node honeypot system oriented to industrial control system security and a data analysis method thereof.

Background technique

[0002] Using honeypots to simulate specific devices to attract attacks, and then analyzing the attack methods to extract attack signatures and fingerprints, is a common and mature solution in the security field. However, in the emerging field of industrial security, only a few honeypots, such as CONPOT, XPOT and DIGITALBOND SCADA HONEYNET, simulate a single programmable logic controller (PLC) device.

[0003] CONPOT, as the current mainstream open source low-interaction industrial control honeypot, emulates a single PLC device on the host by embedding protocols such as Modbus and Siemens S7Comm and opening specific ports 502 and 102.

[0004] XPOT supports PLC program compilation and interpretatio...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1416, H04L63/1425, H04L63/1491, H04L63/20, H04L67/10, H04L67/12
Inventor: 李建欣, 符式定, 陈汉腾, 李想, 李博
Owner: BEIHANG UNIV