Intelligent learning type self-response industrial internet honeypot induction method and system

An industrial Internet and intelligent learning technology, which is applied in the field of intelligent learning self-response industrial Internet honeypot induction, can solve the problems that there is no clear and public self-learning method, and the attacker cannot be captured, so as to achieve real-time update and good simulation effect Effect

Active Publication Date: 2020-06-26
SHANGHAI GUAN AN INFORMATION TECH
View PDF3 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in this technology, there is no explicit self-learning method, and the self-learning process is only for the current access request, and there is no correlation between the previous access request and the response result. In addition, this technology only targets the attacker's IP, IP The corresponding geographical location, etc., these are the basic attributes of the attacker, and cannot capture the complete behavior of the attacker, as a bait for later entrapment

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Intelligent learning type self-response industrial internet honeypot induction method and system
  • Intelligent learning type self-response industrial internet honeypot induction method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] like figure 1 As shown, an intelligent learning self-response industrial Internet honeypot induction method,

[0041] S01. Sample data processing

[0042]The traffic engine unit regularly collects the request sequence of the attacker in the honeypot for a period of time (such as 3 months), and the business request sequence of the industrial environment under normal circumstances for a period of time, and then encodes different request commands through the encoding unit, such as Use the character "A" to represent the "open" command, etc., so as to generate the code sequence corresponding to the request. According to the request sequence of these attackers and the business request sequence in the industrial environment, select to detect the devices in the industrial Internet one by one under supervision, and record the devices that respond to these requests and the response content to the "Original Response" table. The response behavior in the "Original Response" table ...

Embodiment 2

[0055] Corresponding to Embodiment 1, this embodiment provides an intelligent learning type self-response industrial Internet honeypot induction system, including

[0056] Sample data processing module

[0057] The traffic engine unit regularly collects the request sequence of the attacker in the honeypot for a period of time (such as 3 months), and the business request sequence of the industrial environment under normal circumstances within a period of time, and encodes different request commands such as using the character "A "Represents the "open" command, etc., so as to generate the encoding sequence corresponding to the request. According to the request sequence of these attackers and the business request sequence in the industrial environment, select to detect the devices in the industrial Internet one by one under supervision, and record the devices that respond to these requests and the response content to the "Original Response" table. The response behavior in the "O...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an intelligent learning type self-response industrial internet honeypot induction method and system. The method comprises the following steps: sample data processing: periodically acquiring a service request command of an industrial environment under a normal condition in a set time period, equipment for responding to the request command and response content, and processingto generate a request response sequence as a model training sample data set; responding to prediction model training; threat trapping is carried out, request data of a current attacker are obtained, anode where a request sub-sequence is located on a probability suffix tree is searched for according to a current response prediction model, feedback is given to the request data, data are recorded till attacks are ended, and then an obtained original attack request response sequence is added into a sample data set; repeating the above process. According to the method, through deep learning of data interaction of various industrial control systems, various industrial control systems and services are truly simulated, attackers can be cheated and cannot be exposed, and powerful guarantee is provided for industrial Internet safety.

Description

technical field [0001] The invention relates to the technical field of industrial Internet security business, in particular to an intelligent learning self-response industrial Internet honeypot induction method and system. Background technique [0002] Honeypot technology is essentially a technology to deceive the attacker. By arranging some hosts, network services or information as bait, the attacker is induced to attack them, so that the attack behavior can be captured and analyzed, and the attack behavior can be understood. The tools and methods used by the party, and the attack intention and motivation can be speculated, so that the defense party can clearly understand the security threats they face, and enhance the security protection capabilities of the actual system through technical and management means. [0003] Honeypot technology is generally divided into low-interaction honeypots and high-interaction honeypots according to the degree of interaction provided by th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06N3/08G06F16/2458G06F16/23
CPCH04L63/1491G06N3/08G06F16/2465G06F16/2322
Inventor 王文君赵杰达盼飞郑力达李明蕊魏国富殷钱安梁淑云
Owner SHANGHAI GUAN AN INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap