NeuPot: A Neural Network-Based Honeypot for Detecting Cyber Threats in Industrial Control Systems
发布时间:2023-02-01 点击次数:
姚羽(教授)
+
- 博士生导师 硕士生导师
- 电子邮箱:
- 职务:复杂网络系统安全保障技术教育部工程研究中心主任
- 学历:博士研究生毕业
- 性别:男
- 联系方式:yaoyu@mail.neu.edu.cn
- 学位:博士
- 毕业院校:东北大学
- 所属院系:计算机科学与工程学院
- 学科:
计算机应用技术
计算机软件与理论
计算机系统结构
- 发表刊物:IEEE Transactions on Industrial Informatics.
- 影响因子:11.648
- 摘要:Honeypots have proven to be an effective defense method for industrial control systems (ICSs). However, as attacker skills become more sophisticated, it becomes increasingly difficult to develop honeypots that can effectively recognize and respond to such attacks. In this paper, we propose a neural network-based ICS honeypot scheme named Neupot that improves security from two aspects: honeypot interaction and cyber threats detection capability. Neupot can respond to attacker requests depending on a specific industrial scenario without constant communication with the ICS and detect malicious traffic. To create this honeypot scheme, a new seq2seq time-series forecast model guided by Huber loss is designed to simulate the long-term changes in actual ICS physical processes. Second, a Modbus honeypot framework is created to react to changes in these ICS physical processes in their interactions with attackers and to capture various cyber threats against the ICS. Further, a novel loss function for industrial protocol-level malicious traffic detection is devised to identify known and unknown threats. According to our experiments, the proposed honeypot scheme is highly effective and outperforms state-of-the-art schemes in terms of interactivity and in detecting cyber threats.
- 关键字:Industrial control system, honeypot, neural network, time series forecast, malicious traffic detection
- 论文类型:SCI JCR Q1
- 备注:https://ieeexplore.ieee.org/document/10032823
- 学科门类:工学
- 文献类型:JCR 一区
- 一级学科:计算机科学与技术
- 是否译文:否