工业互联网蜜网技术综述  

作　　者：陈曦 姜亚光 林昕 周文 CHEN Xi;JIANG Yaguang;LIN Xin;ZHOU Wen(School of Software and Microelectronics,Peking University,Beijing 100871,China;China Center for Information Industry Development,Beijing 100048,China;China Software Testing Center(CSIP),Beijing 100048,China;Engineering Research Center of Smart Energy,Civil Aviation Administration of China,Beijing 100088,China)

机构地区：[1]北京大学软件与微电子学院,北京100871 [2]中国电子信息产业发展研究院,北京100048 [3]中国软件评测中心(工业和信息化部软件与集成电路促进中心),北京100048 [4]中国民用航空局民航智慧能源工程技术研究中心,北京100088

出　　处：《网络与信息安全学报》2024年第5期23-38,共16页Chinese Journal of Network and Information Security

摘　　要：工业互联网将互联网和物联网技术应用于传统工业领域,通过连接、监控和优化工业系统中的设备、机器和流程,实现生产效率的提升、资源利用的优化以及产品和服务的创新。然而,工业互联网中的复杂设备和协议容易存在安全漏洞,导致潜在诸多的安全威胁。蜜网是功能强大的网络安全手段,通过虚拟或模拟的系统、服务或资源,诱导攻击者进行攻击。一旦攻击者与蜜网互动,即可监控并记录攻击活动,有助于提前发现新型网络安全威胁,改进网络安全防御,并为安全研究提供数据。通过汇总大量工业互联网蜜网的相关文献和资料,总结了工业互联网蜜网的基本概念和发展过程,并介绍了工业互联网蜜网的关键技术,对设备仿真、协议模拟和部署分析进行了详细的技术介绍。此外,还针对工业互联网蜜网的功能和结构,提出了基于ATT&CK(adversarial tactics,techniques&common knowledge)的企业矩阵模型的蜜网评估体系,对几种工业互联网蜜网进行了评估,并对工业互联网未来的研究进行了展望。The industrial Internet was integrated with Internet and IoT technologies into traditional industrial sectors,with the aim of enhancing production efficiency,optimizing resource utilization,and fostering innovation in products and services.However,the complexity of industrial Internet devices and protocols posed security vulnerabilities,resulting in numerous security threats.Honeynets emerged as a powerful cybersecurity measure,employing virtual or simulated systems,services,or resources to lure attackers.Upon interaction with the honeynet,monitoring and recording of attack activities were conducted,which aided in the early detection of novel cybersecurity threats,enhanced network security defenses,and contributed valuable data for security research.A substantial body of literature and resources on industrial Internet honeynets were synthesized,outlining their fundamental concepts and developmental processes.Key technologies of industrial Internet honeynets,including device simulation,protocol emulation,and deployment analysis,were comprehensively discussed.Additionally,a honeynet assessment system based on the Adversarial Tactics,Techniques&Common Knowledge(ATT&CK)framework was proposed,tailored to the functionalities and structures of industrial Internet honeynets.Several industrial Internet honeynets were evaluated using this model,and the conclusion was addressed with prospects for future research in industrial Internet honeynets.

关 键 词：工业互联网 蜜网 蜜罐 网络安全 

分 类 号：TP309.2[自动化与计算机技术—计算机系统结构]