Modbus协议
蜜罐
鉴定(生物学)
计算机科学
控制(管理)
工业控制系统
嵌入式系统
计算机安全
操作系统
人工智能
软件
生物
植物
作者
Yunhao Xu,Chao Li,Dongbing Gu,Zhewei Zhang,Zhe Sun,Yanfei Song
标识
DOI:10.1109/dsc63484.2024.00089
摘要
The increasing number of attacks on Industrial Control Systems (ICS) has brought greater attention to ICS honeypots, which act as decoy systems to gather data on attackers and detect threats. Attackers attempt to evade detection by identifying honeypots through countermeasures such as fuzz testing, where they send anomalous inputs to determine if the honeypot responds differently from a real device. In this paper, we present a method to identify fuzzy test behavior for Modbus protocol, allowing recognized fuzz testing traffic to be redirected to real devices to prolong the survival time of the honeypot. Our approach involves generating fuzzy test datasets by capturing raw data and enhancing samples based on multiple random seeds. We utilized various algorithms for recognition and conducted grid search hyperparameter tuning, ultimately achieving satisfactory experimental results.
科研通智能强力驱动
Strongly Powered by AbleSci AI