基于工控业务仿真的高交互可编程逻辑控制器蜜罐系统设计实现  被引量：8

作　　者：赵国新[1] 丁若凡 游建舟 吕世超[3] 彭锋 李菲 孙利民[3] ZHAO Guoxin;DING Ruofan;YOU Jianzhou;LYU Shichao;PENG Feng;LI Fei;SUN Limin(College of Information Engineering,Beijing Institute of Petrochemical Technology,Beijing 102617,China;College of Information Science and Technology,Beijing University of Chemical Technology,Beijing 100020,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100089,China)

机构地区：[1]北京石油化工学院信息工程学院,北京102617 [2]北京化工大学信息科学与技术学院,北京100020 [3]中国科学院信息工程研究所,北京100089

出　　处：《计算机应用》2020年第9期2650-2656,共7页journal of Computer Applications

基　　金：国家重点研发计划项目(2018YFC1201102);广东省重点研发计划项目(2019B010137004);国家电网公司总部科技项目(522722180007)。

摘　　要：工控蜜罐的诱捕能力受仿真程度显著影响,针对现有工控蜜罐缺乏业务逻辑仿真的问题,提出了一种基于工控业务仿真的高交互可编程逻辑控制器(PLC)蜜罐设计框架和搭建方法。首先,基于工控系统的交互层次提出了一种新的工控系统(ICS)蜜罐分类方法;然后,根据工控设备的不同仿真维度,将蜜罐诱捕过程分为过程仿真循环和服务仿真循环;最后,通过定制的数据转存模块将过程数据转换到服务仿真循环中,以实现业务逻辑数据的实时响应。实验以西门子S7-300 PLC设备为参考,结合典型工控蜜罐软件Conpot和建模仿真工具Matlab/Simulink,实现了信息服务仿真和控制过程仿真的协同工作。实验结果表明,相较于Conpot,高交互PLC蜜罐系统新增了11种西门子S7设备私有功能,其中读(04 Read功能码)写(05 Write功能码)操作实现了对PLC的I区7个通道的监测和Q区1个通道的控制。这种全新的蜜罐系统突破了现有交互层次和方式的局限,为工控蜜罐设计拓展了新方向。The capability of entrapment is significantly influenced by the degree of simulation in industrial control honeypots.In view of the lack of business logic simulation of existing industrial control honeypots,the high-interaction Programmable Logic Controller(PLC)honeypot design framework and implementation method based on industrial control business simulation were proposed.First,based on the interaction level of industrial control system,a new classification method of Industrial Control System(ICS)honeypots was proposed.Then,according to different simulation dimensions of ICS devices,the entrapment process in honeypot was divided into a process simulation cycle and a service simulation cycle.Finally,in order to realize the real-time response to business logic data,the process data was transferred to the service simulation cycle through a customized data transfer module.Combining typical ICS honeypot software Conpot and the modeling simulation tool Matlab/Simulink,the experiments were carried out with Siemens S7-300 PLC device as the reference,and so as to realize the collaborative work of information service simulation and control process simulation.The experimental results show that compared with Conpot,the proposed PLC honeypot system newly adds 11 private functions of Siemens S7 devices.Especially,the operating read(function code 04 Read)and write(function code 05 Write)in the new functions realize 7 channel monitoring for I area data and 1 channel control for Q area data in PLC.This new honeypot system breaks through the limitations of existing interaction levels and methods and finds new directions for ICS honeypot design.

关 键 词：蜜罐 工控系统 Conpot 高交互 S7comm私有功能 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]