Homologous attack analysis method for industrial control honeypot

An analysis method and honeypot technology, applied in the fields of instruments, character and pattern recognition, electrical components, etc., that addresses the problems that existing methods and principles are not applicable to industrial control honeypots and cannot identify same-source attackers or attack organizations targeting them.

Active Publication Date: 2020-05-29
山西星泽汇联科技有限公司

AI Technical Summary

Problems solved by technology

However, these same-origin attack identification methods can only handle attack data from specific modified honeypots. Their methods and principles are not applicable to industrial control honeypots, nor can they identify same-origin attackers or attack organizations targeting industrial control honeypots.


Embodiment Construction

[0037] The technical solutions of the present invention are described in more detail below in conjunction with specific embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.

[0038] This embodiment provides an example of a homologous attack analysis method using the method of the present invention.

[0039] As shown in Figure 1, the same-origin attack analysis method for industrial control honeypots provided by the present invention comprises the following steps:

[0040] 1) Based on the Conpot honeypot framework, construct a Modbus industrial control protocol honeypot, and distribute it on the Internet for data collection; perform data preprocessing according to the Conpo...


Abstract

The invention discloses a homologous attack analysis method for industrial control honeypots. The method comprises the following steps: introducing coarse-grained and fine-grained attack behavior features through the physical location features of an attacker; converting the attacker's information into a group of multi-dimensional attack behavior feature vectors; finding an optimal K value with the Canopy method according to the attacker's coarse-grained attack information; and, using an improved K-means clustering method on the attacker's fine-grained attack information, determining attackers or attack organizations with close Euclidean distances to be homologous attacks. With this method and system, the behavior characteristics of homologous attackers can be modeled as feature vectors based on function code sequences, and the method and system are suitable for analyzing data from various industrial control protocol honeypots that have function code characteristics. A verification method is also provided for the problem that the same attack source in honeypot data is difficult to judge and verify: for some unknown enterprise scanners or attackers, an open source abuse IP database is queried, and the traditional attacker information of the other unknown attackers is verified.
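The pipeline in the abstract, as an added example that is not code from the patent: a Canopy pass over coarse-grained features picks K, then Euclidean K-means over fine-grained function-code vectors groups source IPs. The feature definitions, the T2 threshold, the sample sessions and the use of plain Lloyd's K-means in place of the patent's unspecified improved variant are all assumptions.

```python
import math
# Constructed sample: source IP -> Modbus function codes observed by the honeypot.
SESSIONS = {
    "198.51.100.10": [1, 3, 3, 4, 3, 1],
    "198.51.100.11": [3, 1, 3, 4, 3, 1, 43],
    "203.0.113.5": [43, 43, 17, 43],
    "203.0.113.6": [17, 43, 43, 43, 43],
    "192.0.2.77": [5, 6, 15, 16, 6, 5, 16],
    "192.0.2.78": [6, 5, 16, 15, 6, 16],
}
CODES = sorted({c for seq in SESSIONS.values() for c in seq})
READ, WRITE = {1, 2, 3, 4}, {5, 6, 15, 16}

def coarse(seq):
    """Assumed coarse-grained features: share of read, write and other codes."""
    r, w = (sum(c in s for c in seq) / len(seq) for s in (READ, WRITE))
    return [r, w, 1 - r - w]

def fine(seq):
    """Assumed fine-grained features: normalized per-function-code histogram."""
    return [seq.count(c) / len(seq) for c in CODES]

def canopy_k(points, t2):
    """Canopy count: a point farther than T2 from every center opens a canopy."""
    centers = []
    for p in points:
        if all(math.dist(p, c) > t2 for c in centers):
            centers.append(p)
    return len(centers)

def kmeans(points, k, iters=20):
    """Plain Lloyd's K-means (Euclidean) with deterministic farthest-point seeding."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: math.dist(p, centers[j])) for p in points]
        for j in range(k):
            # An empty cluster keeps its previous center.
            members = [p for p, lab in zip(points, labels) if lab == j] or [centers[j]]
            centers[j] = [sum(col) / len(members) for col in zip(*members)]
    return labels

def homologous_groups(sessions, t2=0.5):
    """Canopy on coarse features picks K; K-means on fine features groups the IPs."""
    k = canopy_k([coarse(s) for s in sessions.values()], t2)
    labels = kmeans([fine(s) for s in sessions.values()], k)
    groups = {}
    for ip, label in zip(sessions, labels):
        groups.setdefault(label, []).append(ip)
    return sorted(groups.values())
```

Calling `homologous_groups(SESSIONS)` returns three groups, one per scanning style in the sample. Raising `t2` merges canopies and lowers K, so the threshold has to be tuned against real honeypot data.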

Description

Technical field

[0001] The invention belongs to the field of industrial control security, and relates to industrial control honeypot data analysis, in particular to an industrial control honeypot-oriented homologous attack analysis method.

Background technique

[0002] The research on attacker traceability mainly relies on IP traceability technology, which is a key means of active protection of network security. The mainstream methods include: probabilistic packet marking traceability method and log traceability method. The probabilistic packet marking technology writes identification information (such as IP address) into the header field (marking field) of the forwarded packet, and then the victim retrieves the marking information from the received packet and finally determines the attack path. The log tracing method is that the router records the information related to the packet before forwarding the packet, and then reconstructs the attack path based on the recorded info...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1491, H04L63/1433, H04L63/1416, H04L2463/146, G06F18/23213
Inventor: 陈永乐, 马垚, 杨玉丽, 于丹, 王建华
Owner: 山西星泽汇联科技有限公司