中图分类号：TP393.08
文献标识码：A
DOI：10.19358/j.issn.2096-5133.2022.02.004
引用格式： 李实，万佳蓉，林显盛. 基于蜜罐的工控网络安全防护技术研究进展[J].信息技术与网络安全，2022，
41(2)：20-26，32.

Research progress of honeypot-based ICS security protection technology

Abstract：Industrial Control System(ICS) is the core of the industrial production process. With the increasingly severe international network security situation, more and more attackers are taking ICS as target and causing a series of terrible security events. As an active defense technology, honeypot for ICS are gradually becoming a research hotspot. On the basis of investigating existing related work, in this paper we sort out the current research content from the concepts of honeypot, key technologies of honeypot, application instances and development trends. Aiming at the architecture of DCS in nuclear power industrial, we investigate the virtualization technology of S7 protocol, operating system and other temptation traps in the Docker container, and design a simulation honeypot for the TXP system. In order to verify the protection effect of the honeypot system, the honeypot is deployed in the TXP system and the attack is simulated through scripts. The results show that the system can accurately capture the attack traffic, analyze and identify the content, successfully trick the attacker who illegally penetrated the intranet into the virtual environment composed of the honeynet and alarm user. Honeypot can comprehensively improve the threat perception ability of the TXP system to detect, record, and trace the attack behavior.

Key words :honeypot；ICS security；system design