A Same-origin Attack Analysis Method for Industrial Control Honeypots

An analysis method and honeypot technology, applied in the fields of digital transmission systems, instruments, computing, etc., that solves the problem that existing methods and principles are not applicable to industrial control honeypots and cannot find the same-origin attacker or attack organization in them.

Active Publication Date: 2022-03-11
山西星泽汇联科技有限公司

AI Technical Summary

Problems solved by technology

However, these same-origin attack determination methods can only handle attack data from specific modified honeypots. Their methods and principles are not applicable to industrial control honeypots, and they cannot identify the same-origin attackers or attack organizations targeting industrial control honeypots.

Embodiment Construction

[0037] The technical solutions of the present invention will be further described in more detail below in conjunction with specific embodiments. Apparently, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0038] This embodiment provides an example of a homologous attack analysis method using the method of the present invention.

[0039] As shown in Figure 1, the same-origin attack analysis method for industrial control honeypots provided by the present invention comprises the following steps:

[0040] 1) Based on the Conpot honeypot framework, construct a Modbus industrial control protocol honeypot, and distribute it on the Internet for data collection; perform data preprocessing according to the Conpot h...

Abstract

The invention discloses a same-origin (homologous) attack analysis method for industrial control honeypots. Through the attacker's physical location characteristics, it introduces coarse-grained and fine-grained attack behavior features and converts attacker information into a set of multi-dimensional attack behavior feature vectors. The Canopy method is used to find the optimal K value based on the attacker's coarse-grained attack information; an improved K-means clustering method is then applied to the attacker's fine-grained attack information, and attackers or attack organizations at similar Euclidean distances are judged to be same-origin attacks. With the invention, the behavior characteristics of same-origin attackers can be modeled as feature vectors based on function code sequences, which makes the method applicable to analyzing honeypot data for many industrial control protocols that have function code characteristics. It also provides a verification method for the problem that the same attack source in honeypot data is difficult to determine and verify: for some unknown enterprise scanners or attackers, an open-source abuse IP database is queried, and the traditional attacker information of other unknown attackers is verified.
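The two-stage clustering in the abstract, as an added example that is not code from the patent: a Canopy pass over coarse features chooses K and the initial centers, then K-means with Euclidean distance groups source IPs by fine features. Assumptions made here: the coarse feature is which Modbus function codes a source used, the fine feature is their relative frequency, Canopy uses a single threshold `t2`, and plain K-means stands in for the "improved" variant the page does not describe; the session data is constructed.

```python
import math
from collections import Counter

# Constructed sample: source IP -> Modbus function codes logged by the honeypot.
SESSIONS = {
    "198.51.100.10": [1, 3, 3, 4, 3, 1],
    "198.51.100.11": [3, 1, 3, 4, 3, 2],
    "203.0.113.5": [43, 43, 17, 43],
    "203.0.113.6": [17, 43, 43, 43, 17],
    "192.0.2.77": [5, 6, 15, 16, 6, 5],
    "192.0.2.78": [6, 5, 16, 15, 6],
}
CODES = sorted({c for seq in SESSIONS.values() for c in seq})

def coarse(seq):  # assumed coarse feature: which function codes were used at all
    return [1.0 if c in seq else 0.0 for c in CODES]

def fine(seq):  # assumed fine feature: relative frequency of each function code
    n = Counter(seq)
    return [n[c] / len(seq) for c in CODES]

def canopy_seeds(points, t2):
    """A point farther than t2 from every seed opens a new canopy; K = len(result)."""
    seeds = []
    for i, p in enumerate(points):
        if all(math.dist(p, points[s]) > t2 for s in seeds):
            seeds.append(i)
    return seeds

def kmeans(points, centers, max_iter=50):
    """Plain Lloyd K-means (Euclidean distance) from the given initial centers."""
    for _ in range(max_iter):
        labels = [min(range(len(centers)), key=lambda k: math.dist(p, centers[k]))
                  for p in points]
        members = [[p for p, l in zip(points, labels) if l == k]
                   for k in range(len(centers))]
        updated = [[sum(col) / len(m) for col in zip(*m)] if m else c
                   for m, c in zip(members, centers)]
        if updated == centers:  # converged: assignments no longer move the centers
            break
        centers = updated
    return labels

def same_origin_groups(sessions, t2=1.5):
    ips = list(sessions)
    seeds = canopy_seeds([coarse(sessions[ip]) for ip in ips], t2)  # stage 1: pick K
    pts = [fine(sessions[ip]) for ip in ips]
    labels = kmeans(pts, [pts[s] for s in seeds])  # stage 2: cluster on fine features
    groups = [[ip for ip, l in zip(ips, labels) if l == k] for k in sorted(set(labels))]
    return len(seeds), sorted(groups)
```

The threshold `t2` controls how different two code sets must be before a new cluster is opened, so it should be tuned against sources whose origin is already known.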

Description

Technical field

[0001] The invention belongs to the field of industrial control security, and relates to industrial control honeypot data analysis, in particular to an industrial control honeypot-oriented homologous attack analysis method.

Background technique

[0002] The research on attacker traceability mainly relies on IP traceability technology, which is a key means of active protection of network security. The mainstream methods include: probabilistic packet marking traceability method and log traceability method. The probabilistic packet marking technology writes identification information (such as IP address) into the header field (marking field) of the forwarded packet, and then the victim retrieves the marking information from the received packet and finally determines the attack path. The log tracing method is that the router records the information related to the packet before forwarding the packet, and then reconstructs the attack path based on the recorded info...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, G06K9/62
CPC: H04L63/1491, H04L63/1433, H04L63/1416, H04L2463/146, G06F18/23213
Inventor: 陈永乐, 马垚, 杨玉丽, 于丹, 王建华
Owner: 山西星泽汇联科技有限公司