Dynamic Defense Method for Industrial Control Networks based on Shadow Honeynet

Dynamic Defense Method for Industrial Control Networks based on Shadow Honeynet

연구 분야: Infrastructure

학회: 2023 9th International Conference on Computer and Communications (ICCC)

With the deep integration of Internet technology and industrial development, traditional closed industrial Internet faces an increasing array of dynamic attack vectors. To address these evolving threats, dynamic defense methods have become a crucial component of industrial control network security. This paper proposes a dynamic defense method based on a shadow honeynet, which involves a collaborative construction strategy with the industrial control network to share operational states and network structures. The method aims to collect targeted attack traffic and utilizes an efficient adaptive clustering technique to classify malicious traffic within the shadow honeynet. This enables real-time adjustments of defense strategies to detect new attacks. Furthermore, extensive experiments are conducted on a composite dataset comprising real-world data, SCADA data, and industrial control honeypot data. The results demonstrate significant performance improvements of the proposed method compared to existing approaches.