Abstract
Industrial honeypot is different from ordinary honeypot mainly because of the industrial control protocol used in the communication of industrial control equipment in the industrial control system. The trapping ability of industrial control honeypot mainly depends on its simulation interaction level, and the simulation protocol communication interaction determines the authenticity of the trapping environment. Based on the investigation of the control system of real power plant, it is proposed that the control system of power plant is placed in sandbox to restore the high fidelity of honeypot. Using protocol reverse analysis technology, in-depth analysis of EGD industrial control protocol to master protocol characteristics, timely sense abnormal industrial control traffic data and abnormal protocol packets. Use the Cuckoo sandbox framework to deploy honeypots with the main aircraft deployment mechanism to prevent escape or other sabotage if an attacker identifies the honeypot as a springboard. Finally, all suspected attack data captured by honeypot will be submitted to cuckoo host for analysis, providing reliable data for network security administrators and a more secure active defense network environment for power plants.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Stouffer, K., Falco, J., Scarfone, K.: NIST special publication, p. 82 (2008)
Min, J., Liu, X.: Design of integrated “state grid cloud” security protection system. Electr. Power Inf. Commun. Technol. 17(1), 78–82 (2019)
Dong, L., Zhao, R.: Analysis and thinking of my country’s industrial information security situation. Inf. Technol. Netw. Secur. 38(12), 37–41 (2019)
Stevens, C.: Assembling cybersecurity: the politics and materiality of technical malware reports and the case of Stuxnet. Contemp. Secur. Policy 41(1), 129–152 (2020)
Li, D.: Analysis of Stuxnet virus incident and improvement of industrial control security protection capabilities. Netw. Secur. Technol. Appl. (01), 9–10+24 (2019)
Mi, X.: From the “Stuxnet virus” and Ukraine power outages to see the information security of electric power companies. Public Power (S2), 50–56 (2016)
Zhu, C.: Behind the blackout in Venezuela. State Grid (05), 72–74 (2019)
Liu, X.: The “black” of the US oil pipeline may bring ripple effects [ER/OL]. Xinhuanet, http://www.xinhuanet.com/. Accessed 12 May 2021
Hu, H.: Physical isolation can also be invaded across networks. China Aerosp. J. (003) (2020)
Notice of request for information (RFI) on ensuring the continued security of the united states critical electric infrastructure. The Federal Register/FIND, vol. 86, no. 076 (2021)
Zhang, Y., Gao, S., Wang, F., Bian, J.: Overview of industrial control system safety technology research. In: 2018 Proceedings of China Automation Conference (CAC 2018), p. 6. Chinese Society of Automation (2018)
GE Energy. GE Fanuc Network and Communication User Manual [ER/OL] (2013). https://www.docin.com/p-1925734744.html
Zang, Z.: Research and implementation of industrial gas chromatograph data gateway. China Instr. (06), 36–39 (2020)
Cuckoo, [EB/OL]. https://cuckoo.sh/docs/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Yao, X., Wang, G., Yan, Pz., Zhang, Lf., Sun, Y. (2022). Industrial Control Honeypot Based on Power Plant Control System. In: Xu, C., Xia, Y., Zhang, Y., Zhang, LJ. (eds) Web Services – ICWS 2021. ICWS 2021. Lecture Notes in Computer Science(), vol 12994. Springer, Cham. https://doi.org/10.1007/978-3-030-96140-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-96140-4_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-96139-8
Online ISBN: 978-3-030-96140-4
eBook Packages: Computer ScienceComputer Science (R0)