TY - JOUR
T1 - Honeypot Identification in Softwarized Industrial Cyber-Physical Systems
AU - Sun, Yanbin
AU - Tian, Zhihong
AU - Li, Mohan
AU - Su, Shen
AU - Du, Xiaojiang
AU - Guizani, Mohsen
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2021/8
Y1 - 2021/8
N2 - In softwarized industrial networking, honeypot identification is very important for both the attacker and the defender. Existing honeypot identification relies on simple features of honeypot. There exist two challenges: The simple feature is easily simulated, which causes inaccurate results, whereas the advanced feature relies on high interactions, which lead to security risks. To cope with these challenges, in this article, we propose a secure fuzzy testing approach for honeypot identification inspired by vulnerability mining. It utilizes error handling to distinguish honeypots and real devices. Specifically, we adopt a novel identification architecture with two steps. First, a multiobject fuzzy testing is proposed. It adopts mutation rules and security rules to generate effective and secure probe packets. Then, these probe packets are used for scanning and identification. Experiments show that the fuzzy testing is effective and corresponding probe packet can acquire more features than other packets. These features are helpful for honeypot identification.
AB - In softwarized industrial networking, honeypot identification is very important for both the attacker and the defender. Existing honeypot identification relies on simple features of honeypot. There exist two challenges: The simple feature is easily simulated, which causes inaccurate results, whereas the advanced feature relies on high interactions, which lead to security risks. To cope with these challenges, in this article, we propose a secure fuzzy testing approach for honeypot identification inspired by vulnerability mining. It utilizes error handling to distinguish honeypots and real devices. Specifically, we adopt a novel identification architecture with two steps. First, a multiobject fuzzy testing is proposed. It adopts mutation rules and security rules to generate effective and secure probe packets. Then, these probe packets are used for scanning and identification. Experiments show that the fuzzy testing is effective and corresponding probe packet can acquire more features than other packets. These features are helpful for honeypot identification.
KW - Honeypot identification
KW - industrial cyber-physical system (CPS)
KW - secure fuzzy testing
KW - softwarized network
UR - http://www.scopus.com/inward/record.url?scp=85098799112&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098799112&partnerID=8YFLogxK
U2 - 10.1109/TII.2020.3044576
DO - 10.1109/TII.2020.3044576
M3 - Article
AN - SCOPUS:85098799112
SN - 1551-3203
VL - 17
SP - 5542
EP - 5551
JO - IEEE Transactions on Industrial Informatics
JF - IEEE Transactions on Industrial Informatics
IS - 8
M1 - 9293368
ER -