Review on Key Technologies of Industrial Control System Security Simulation

doi:10.16182/j.issn1004731x.joss.20-0875

Abstract

Abstract: In order to cope with the increasingly serious industrial internet security problems, simulation is viewed as a critical backboned technology for drilling of network attack and defense, tracking back and analyzing of security incidents, as well as validating of pre-research technology. On the basis of summarizing the studies of three types of typical industrial control system security simulation platform, the key technologies used in industrial control cyber range and industrial control honeynets are highlighted. Technologies are summarized, such as the virtualization technology of industrial control network and industrial control components, the construction technology of industrial control target field dominated by flow simulation and behavior simulation, the trapping technology of industrial control honeynet under the interconnection of multiple honeypots, and the data acquisition and evaluation technology. The challenges and future trends in the field of security simulation of industrial control systems are presented.

Key words: industrial internet security simulation, virtualization, industrial control cyber range, industrial control honeynets

CLC Number:

TP391.9

Wang Bailing, Liu Hongri, Zhang Yaofang, Lü Sicai, Wang Zibo, Wang Qimeng. Review on Key Technologies of Industrial Control System Security Simulation[J]. Journal of System Simulation, 2021, 33(6): 1466-1488.

References

[1] 2018中国工业互联网创新发展白皮书[EB/OL]. (2018-08-07) [2021-06-09] http://www.mtx.cn/#/report?id=653548.
China’s Industrial Internet Innovative Development White Paper in 2018[EB/OL]. (2018-08-07) [2021-06-09] http://www.mtx.cn/#/report?id=653548.
[2] 锁延锋, 王少杰, 秦宇, 等. 工业控制系统的安全技术与应用研究综述[J]. 计算机科学, 2018, 45(4): 25-33.
Suo Yanfeng, Wang Shaojie, Qin Yu, et al.Summary of Security Technology and Application in Industrial Control System[J]. Computer Science, 2018, 45(4): 25-33.
[3] Queiroz C, Mahmood A, Hu J, et al.Building a SCADA security testbed[C]// 2009 Third International Conference on Network and System Security. Gold Coast, QLD, Australia: IEEE, 2009: 357-364.
[4] Davis C M, Tate J E, Okhravi H, et al.SCADA Cyber Security Testbed Development[C]// Power Symposium, 2006. Naps 2006. North American. Carbondale, IL, USA: IEEE, 2007: 483-488.
[5] Mallouhi M, Al-Nashif Y, Cox D, et al.A Testbed for Analyzing Security of SCADA Control Systems (TASSCS)[C]// Innovative Smart Grid Technologies (ISGT), 2011 IEEE PES. Anaheim, CA, USA: IEEE, 2011: 1-7.
[6] Siaterlis C, Genge B, Hohenadel M.EPIC: a Testbed for Scientifically Rigorous Cyber-physical Security Experimentation[J]. IEEE Transactions on Emerging Topics in Computing, 2013, 1(2): 319-330.
[7] Urias V, Van Leeuwen B, Richardson B.Supervisory Command and Data Acquisition (SCADA) System Cyber Security Analysis Using a Live, Virtual, and Constructive (LVC) Testbed[C]// Military Communi- cations Conference, 2012-MILCOM 2012. Orlando, FL, USA: IEEE, 2012: 1-8.
[8] Hahn A, Ashok A, Sridhar S, et al.Cyber-physical Security Testbeds: Architecture, Application, and Evaluation for Smart Grid[J]. IEEE Transactions on Smart Grid (S1949-3053), 2013, 4(2): 847-855.
[9] 威努特. 工控网络攻防演练平台[EB/OL]. (2016-08-06) [2021-06-09] http://www.winicssec.com/product/d32.html.
Winicssec. Industrial Control Networks Attack and Defense Drill Platform[EB/OL]. (2016-08-06) [2021-06- 09] http://www.winicssec.com/product/d32.html.
[10] 王勇, 刘蔚. 工业控制系统共性安全技术测试床[P]. 上海: CN106647714A, 2017-05-10.
Wang Yong, Liu Wei. A Common Security Technology Testbed for Industrial Control System[P]. Shanghai: CN106647714A, 2017-05-10.
[11] 浙江大学工业控制技术国家重点实验室. 工业控制系统安全脆弱性分析与建模的理论与应用研究[EB/OL] (2016-12-31) [2021-06-09] http://output.nsfc.gov.cn/conclusionProject/6419634e161361a72f7acb39898d6acd.
State Key Laboratory of Industrial Control Technology. Research on Theory and Application of Industrial Control System Security Vulnerability Analysis and Modeling [EB/OL] (2016-12-31) [2021-06-09] http://output.nsfc.gov.cn/conclusionProject/6419634e161361a72f7acb39898d6acd.
[12] Austrian Institute of Technology. AIT CYBER RANGE [EB/OL]. (2018-09-12) [2021-06-09] https://cyberra-nge.at/ait-cyber-range/.
[13] 网络安全应急技术国家工程实验室, 关键基础设施安全应急响应中心. 埃森哲推出工控网络安全靶场项目[EB/OL]. (2019-12-01) [2021-06-09] https://www.ics-c-ert.org.cn/portal/page/133/626b2d0fd6f148bf84869c50501d619b.html.
Cyber Emergency Response Technology National Engineering Laboratory, Critical Infrastructure Security Response Center. Industrial Control Network Safe Range Projects Proposed by Accenture [EB/OL]. (2019-12-01) [2021-06-09] https://www.ics-cert.org.cn/portal/page/133/626b2d0fd6f148bf84869c50501d619b.html.
[14] RHEA. Next Generation Cyber Range Services [EB/OL]. (2020-09-08) [2021-06-09] https://www.rheagroup.com/services-solutions/security/cybersecurity/cyber-range.
[15] 宁波工业互联网研究院. 工控安全试验场[EB/OL]. (2018-09-18)[2021-06-09]http://www.niii.com/index.php/studio.html.
Ningbo Industrial Internet Institute. Industrial Control Security Testing Ground[EB/OL]. (2018-09-18) [2021- 06-09]http://www.niii.com/index.php/studio.html.
[16] 安恒信息. 工控攻防演练平台[EB/OL]. (2019-10-11) [2021-06-09]https://www.dbappsecurity.com.cn/show-64-30-1.html.
DAS Security. Industrial Control System Attack and Defense Drill Platform [EB/OL]. (2019-10-11) [2021-06-09]https://www.dbappsecurity.com.cn/show-64-30-1.html
[17] 科梁信息. 电力工控网络攻防靶场[EB/OL]. (2017-03- 11) [2021-06-09] http://www.keliangtek.com/solution/e-xplain/102.html.
KeLiang. Attack and Defense Range for Electric-power Industrial Control Network[EB/OL]. (2017-03-11) [2021-06-09]http://www.keliangtek.com/solution/explain/102.html.
[18] Lukas R. CONPOT ICS/SCADA Honeypot[EB/OL]. (2019-07-20)[2021-06-09] https://github.com/mushorg/conpot.
[19] Cybereason. Cybereason’s Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers On High Alert [EB/OL]. (2020-06-09) [2021-06-09]. https://www.cybereason.com/blog/cybereason-honeypot-multistage-ransomware.
[20] Trend Micro. Trend Micro Creates Factory Honeypot to Trap Attackers [EB/OL]. (2020-01-30) [2021-06-09] https://www.trendmicro.com/en_us/research/20/a/this-week-in-security-news-trend-micro-creates-factory-honeypot-to-trap-malicious-attackers-and-microsoft-leaves-250m-customer-service-records-open-to-the-web.html.
[21] 北京安天网络安全技术有限公司. 安天捕风蜜罐系统[EB/OL].(2020-03-25)[2021-06-09]https://www.antiy.cn/About/news/20200312.html.
Antiy Labs. Antiy Bufeng Honeypot System[EB/OL]. (2020-03-25) [2021-06-09] https://www.antiy.cn/About/news/20200312.html.
[22] 烽台科技. 工控蜜罐-实战攻防演练专用(定制) [EB/ OL]. (2020-03-08) [2021-06-09] 工控蜜罐-实战攻防演练专用(定制) [EB/ OL]. (2020-03-08) [2021-06-09] http://www.fengtaisec.com/
Fengtai Technology.Industrial Control Honeypot: Spe- cial for Actual Attack and Defense Drill (Custom) [EB/ OL]. (2020-03-08)[2021-06-09]Industrial Control Honeypot: Spe- cial for Actual Attack and Defense Drill (Custom) [EB/ OL]. (2020-03-08)[2021-06-09]http://www.fengtaisec.com/
[23] 六方云. 工控威胁感知系统-工业蜜罐[EB/OL]. (2020-07-23) [2021-06-09] https://www.6cloudtech.com/portal/index/product/pagename/page_industrial_honeypot.html.
6cloud. Industrial Control Honeypot: Industrial Control Threat Perception System[EB/OL]. (2020-07-23)[2021- 06-09] https://www.6cloudtech.com/portal/index/product/pagename/page_industrial_honeypot.html.
[24] 东北大学“谛听”网络安全团队. 2019年工业控制系统网络安全态势白皮书[EB/OL]. (2020-04-22) [2021-06-09] https://www.secrss.com/articles/18999.
DITECTING of Northeastern University. The Cybersecurity Situations of Industrial Control System White Paper in2019[EB/OL]. (2020-04-22) [2021-06-09] https://www.secrss.com/articles/18999.
[25] Marco O.T-pot[EB/OL]. (2021-05-07) [2021-06-09] https://github.com/telekom-security/tpot-ce.
[26] 周振柳, 郑安刚, 邹和平. 电力二次系统安全防护综合仿真试验床研究[J]. 系统仿真学报, 2015, 27(6): 1221-1226.
Zhou Zhenliu, Zheng Angang, Zou Heping.Research on Safty Protection Compositive Simulation Test Bed for Electric Secondary System[J]. Journal of System Simulation, 2015, 27(6): 1221-1226.
[27] Chowdhury N M M K, Boutaba R. A Survey of Network Virtualization[J]. Computer Networks (1389-1286), 2010, 54(5): 862-876.
[28] Kreutz D, Ramos F M V, Verissimo P E, et al. Software-defined Networking: A Comprehensive Survey[J]. Proceedings of the IEEE (S0018-9219) 2014, 103(1): 14-76.
[29] Costanzo S, Galluccio L, Morabito G, et al.Software Defined Wireless Networks: Unbridling SDNs[C]// 2012 European Workshop on Software Defined Networking. Darmstadt, Germany: IEEE, 2012: 1-6.
[30] Drutskoy D, Keller E, Rexford J.Scalable Network Virtualization in Software-defined Networks[J]. IEEE Internet Computing (S1089-7801), 2012, 17(2): 20-27.
[31] 黄锦松, 杨艺, 王文鼐. 一种基于虚拟化平台的网络仿真准实验床[J]. 计算机技术与发展, 2015, 25(8): 208-212.
Huang Jinsong, Yang Yi, Wang Wennai.A Para-testbed for Network Simulation Based on Virtualized Platform[J]. Computer Technology and Development, 2015, 25(8): 208-212.
[32] 张浩, 刘渊, 王晓锋, 等. 基于云平台的高逼真链路仿真研究[J]. 计算机工程, 2017, 43(8): 1-7.
Zhang Hao, Liu Yuan, Wang Xiaofeng, et al.Research on High-fidelity Link Emulation Based on Cloud Platform[J]. Computer Engineering, 2017, 43(8): 1-7.
[33] Machii W, Kato I, Koike M, et al.Dynamic zoning based on situational activitie for ICS Security[C]//2015 10th Asian Control Conference (ASCC). Kota Kinabalu, Malaysia: IEEE, 2015: 1-5.
[34] Ghazisaeedi E, Huang C.Energy-aware Node and Link Reconfiguration for Virtualized Network Environments[J]. Computer Networks (S1389-1286), 2015, 93P3(Dec.24): 460-479.
[35] Han B, Gopalakrishnan V, Ji L, et al.Network Function Virtualization: Challenges and Opportunities for Innovations[J]. IEEE Communications Magazine (S0163-6804), 2015, 53(2): 90-97.
[36] Hawilo H, Shami A, Mirahmadi M, et al.NFV: State of the Art, Challenges, and Implementation in Next Generation Mobile Networks (vEPC)[J]. IEEE Network (S0890-8044), 2014, 28(6): 18-26.
[37] Petroulakis N E, Fysarakis K, Askoxylakis I, et al.Reactive Security for SDN/NFV‐Enabled Industrial Networks Leveraging Service Function Chaining[J]. Transactions on Emerging Telecommunications Technologies (S2161-5748), 2018, 29(7): e3269.
[38] Babiceanu R F, Seker R.Cyber Resilience Protection for Industrial Internet of Things: A Software-defined Networking Approach[J]. Computers in Industry (S0166-3615), 2019, 104: 47-58.
[39] Piedrahita A F M, Gaur V, Giraldo J, et al. Virtual Incident Response Functions in Control Systems[J]. Computer Networks (1389-1286), 2018, 135(Apr.22): 147-159.
[40] Cruz T, Simoes P, Monteiro E.Virtualizing Programmable Logic Controllers: Toward a Convergent Approach[J]. IEEE Embedded Systems Letters (S1943-0663), 2016, 8(4): 69-72.
[41] Goldschmidt T, Murugaiah M K, Sonntag C, et al.Cloud-based control: A multi-tenant, horizontally scalable soft-PLC[C]// 2015 IEEE 8th International Conference on Cloud Computing. New York, NY, USA: IEEE, 2015: 909-916.
[42] Alves T, Das R, Morris T.Virtualization of Industrial Control System Testbeds for Cybersecurity[C]// The 2nd Annual Industrial Control System Security Workshop. New York, NY, USA: ACM, 2016: 10-14.
[43] Murillo A F, Cómbita L F, Gonzalez A C, et al.A Virtual Environment for Industrial Control Systems: A Nonlinear Use-Case in Attack Detection, Identification, and Response[C]// The 4th Annual Industrial Control System Security Workshop. New York, NY, USA: ACM, 2018: 25-32.
[44] Muthukumar N, Srinivasan S, Ramkumar K, et al.A Model-based Approach for Design and Verification of Industrial Internet of Things[J]. Future Generation Computer Systems (S0167-739X), 2019, 95: 354-363.
[45] Alves T, Das R, Werth A, et al.Virtualization of SCADA Testbeds for Cybersecurity Research: A Modular Approach[J]. Computers & Security (S0167-4048), 2018, 77: 531-546.
[46] 宋贺, 王晓锋. 基于轻量级虚拟化的LDDoS仿真方法[J]. 计算机工程, 2020, 46(3): 105-113.
Song He, Wang Xiaofeng.LDDoS Emulation Method Based on Lightweight Virtualization[J]. Computer Engineering, 2020, 46(3): 105-113.
[47] 曾子懿, 邱菡, 朱俊虎, 等. 基于能力度量的网络安全实验环境多仿真规划[J]. 计算机科学, 2018, 45(11): 160-163,186.
Zeng Ziyi, Qiu Han, Zhu Junhu, et al.Network Security Experiment Environment Multi-emulation Panning Based on Capability Measurement[J]. Computer Science, 2018, 45(11): 160-163, 186.
[48] 刘渊, 邱常伶, 王晓锋, 等. 面向多尺度融合网络仿真的拓扑映射方法研究[J]. 系统仿真学报, 2019, 31(10): 2030-2041.
Liu Yuan, Qiu Changling, Wang Xiaofeng, et al.Research on Topology Mapping Method for Multiscale Integration Network Emulation[J]. Journal of System Simulation, 2019, 31(10): 2030-2041.
[49] 吴文燕, 姜鑫, 王晓锋, 等. 虚拟化与数字仿真融合的多尺度网络复现技术[J]. 计算机应用, 2018, 38(3): 746-752.
Wu Wenyan, Jiang Xin, Wang Xiaofeng, et al.Multi-scale Network Replication Technology for Fusion of Virtualization and Digital Simulation[J]. Journal of Computer Applications, 2018, 38(3): 746-752.
[50] Vishwanath K V, Vahdat A.Swing: Realistic and Responsive Network Traffic Generation[J]. IEEE/ACM Transactions on Networking (S1063-6692), 2009, 17(3): 712-725.
[51] Sommers J, Kim H, Barford P.Harpoon: a Flow-level Traffic Generator for Router and Network Tests[J]. ACM SIGMETRICS Performance Evaluation Review (S0163-5999), 2004, 32(1): 392-392.
[52] Clegg R G.Simulating internet traffic with Markov-modulated processes[C]// UK Performance Engineering Workshop. Berlin, Germany: Springer, 2007: 25-37.
[53] Vishwanath K V, Vahdat A.Realistic and responsive network traffic generation[C]// ACM SIGCOMM Computer Communication Review. New York, NY, USA: ACM, 2006, 36(4): 111-122.
[54] Salvador P, Pacheco A, Valadas R.Modeling IP Traffic: Joint Characterization of Packet Arrivals and Packet Sizes Using BMAPs[J]. Computer Networks (S1389-1286), 2004, 44(3): 335-352.
[55] Li T, Liu J.Cluster-based Spatiotemporal Background Traffic Generation for Network Simulation[J]. ACM Transactions on Modeling and Computer Simulation (TOMACS)(S1049-3301), 2014, 25(1): 1-25.
[56] Dainotti A, Pescapé A, Rossi P S, et al.Internet Traffic Modeling by Means of Hidden Markov Models[J]. Computer Networks (S1389-1286), 2008, 52(14): 2645-2662.
[57] Klemm A, Lindemann C, Lohmann M.Modeling IP Traffic Using the Batch Markovian Arrival Process[J]. Performance Evaluation (S0166-5316), 2003, 54(2): 149-173.
[58] 田中大, 高宪文, 李树江, 等. 遗传算法优化回声状态网络的网络流量预测[J]. 计算机研究与发展, 2015, 52(5): 1137-1145.
Tian Zhongda, Gao Xianwen, Li Shujiang, et al.Prediction Method for Network Traffic Based on Genetic Algorithm Optimized Echo State Network[J]. Journal of Computer Research and Development, 2015, 52(5): 1137-1145.
[59] Zhou J, Yang X, Sun L, et al.Network Traffic Prediction Method based on Improved Echo State Network[J]. IEEE Access (S2169-3536), 2018, 6: 70625-70632.
[60] 李松, 周亚同, 池越, 等. 高斯过程混合模型应用于网络流量预测研究[J]. 计算机工程与应用, 2020, 56(5): 186-193.
Li Song, Zhou Yatong, Chi Yue, et al.Application of Gaussian Process Mixture Model on Network Traffic Prediction[J]. Computer Engineering and Applications, 2020, 56(5): 186-193.
[61] 殷荣网. 基于FCM-LSSVM网络流量预测模型[J]. 计算机工程与应用, 2016, 52(1): 105-109.
Yin Rongwang.Network Traffic Predicting Model Based on FCM-LSSVM. Computer Engineering and Applicat- ions[J]. Computer Engineering and Applications, 2016, 52(1): 105-109.
[62] 贾松达, 庞宇松, 阎高伟. 多任务LS-SVM在时间序列预测中的应用[J]. 计算机工程与应用, 2018, 54(3): 233-237.
Jia Songda, Pang Yusong, Yan Gaowei.Multi-task LS-SVM for Application of Time Series Prediction[J]. Computer Engineering and Applications, 2018, 54(3): 233-237.
[63] 李校林, 吴腾. 基于PF-LSTM网络的高效网络流量预测方法[J]. 计算机应用研究, 2019, 36(12): 3833-3836.
Li Xiaolin, Wu Teng.Efficient Network Traffic Prediction Method Based on PF-LSTM Network[J]. Application Research of Computers, 2019, 36(12): 3833-3836.
[64] 林振荣, 黎嘉诚, 杨冬芹, 等. 改进微分进化和小波神经网络的网络流量预测[J]. 计算机工程与设计, 2019, 40(12): 3413-3418.
Lin Zhenrong, Li Jiacheng, Yang Dongqin, et al.Network Traffic Prediction Based on Wavelet Neural Network with Improved Differential Evolution Algorithm[J]. Computer Engineering and Design, 2019, 40(12): 3413-3418.
[65] Xia C, Jin X, Xu C, et al.Real-time Scheduling Under Heterogeneous Routing for Industrial Internet of Things[J]. Computers & Electrical Engineering, 2020, 86: 106740.
[66] 褚伟波, 管晓宏, 蔡忠闽, 等. 面向互动式网络场景再现的流速控制系统与方法[J]. 计算机学报, 2012, 35(7): 1485-1497.
Chu Weibo, Guan Xiaohong, Cai Zhongmin, et al.System and Method for Real-Time Volume Control in Reproducing Network Scenario[J]. Chinese Journal of Computers, 2012, 35(7): 1485-1497.
[67] Zhang X, Liu H, Wang B, et al.Generating Realistic Network Traffic and Interactive Application Workloads Using Container Technology[C]// 2017 IEEE 9th International Conference on Communication Software and Networks (ICCSN). Guangzhou, China: IEEE, 2017: 1021-1025.
[68] Avallone S, Guadagno S, Emma D, et al.D-ITG Distributed Internet Traffic Generator[C]// Quantitative Evaluation of Systems, 2004. QEST 2004 Proceedings. First International Conference on the. Enscheda, the Netherlands: IEEE, 2004: 316-317.
[69] Botta A, Dainotti A, PescapÉ A.A Tool for the Generation of Realistic Network Workload for Emerging Networking Scenarios[J]. Computer Networks (S1389-1286), 2012, 56(15): 3531-3547.
[70] Molnár S, Megyesi P, Szabó G.Multi-functional traffic generation framework based on accurate user behavior emulation[C]//2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). Turin, Italy: IEEE, 2013: 13-14.
[71] Wu W, Huang N, Zhang Y.A New Hybrid Traffic Generation Model for Tactical Internet reliability test[C]// 2015 Annual Reliability and Maintainability Symposium (RAMS). Palm Harbor, FL, USA: IEEE, 2015: 1-6.
[72] Amirkhanyan A, Sapegin A, Gawron M, et al.Simulation User Behavior on a Security Testbed Using User Behavior States Graph[C]// Proceedings of the 8th International Conference on Security of Information and Networks. New York, NY, USA: ACM, 2015: 217-223.
[73] Wright C V, Connelly C, Braje T, et al.Generating Client Workloads and High-fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security[C]// International Workshop on Recent Advances in Intrusion Detection. Ottawa, ON, Canada: Springer Berlin Heidelberg, 2010: 218-237.
[74] Jorgensen Z, Yu T.On Mouse Dynamics as a Behavioral Biometric for Authentication[C]// Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. New York, NY, USA: ACM, 2011: 476-482.
[75] Zheng N, Paloski A, Wang H.An Efficient User Verification System via Mouse Movements[C]// ACM Conference on Computer and Communications Security. New York, NY, USA: ACM, 2011: 139-150.
[76] Alquwatli M H, Habaebi M H, Khan S.Review of SCADA Systems and IoT Honeypots[C]// 2019 IEEE 6th International Conference on Engineering Technologies and Applied Sciences (ICETAS). Kuala Lumpur, Malaysia: IEEE, 2019: 1-6.
[77] Leita C, Mermoud K, Dacier M.Scriptgen: an automated script generation tool for honeyd[C]// 21st Annual Computer Security Applications Conference (ACS- AC'05). IEEE, 2005: 203-214.
[78] Winn M, Rice M, Dunlap S, et al.Constructing Cost-effective and Targetable Industrial Control System Honeypots for Production Networks[J]. International Journal of Critical Infrastructure Protection (S1874-5482), 2015, 10: 47-58.
[79] Kołtyś K, Gajewski R.SHaPe: A Honeypot for Electric Power Substation[J]. Journal of Telecommunications and Information Technology (S1509-4553), 2015(4): 37-43.
[80] Buza D I, Juhász F, Miru G, et al.CryPLH: Protecting Smart Energy Systems from Targeted Attacks with a PLC Honeypot[C]// International Workshop on Smart Grid Security. Munich, Germany: Springer, Cham, 2014: 181-192.
[81] Xiao F, Chen E, Xu Q.S7commtrace: A High Interactive Honeypot for Industrial Control System based on s7 Protocol[C]// International Conference on Information and Communications Security. Beijing, China: Springer, Cham, 2017: 412-423.
[82] 赵国新, 丁若凡, 游建舟, 等. 基于工控业务仿真的高交互可编程逻辑控制器蜜罐系统设计实现[J]. 计算机应用, 2020, 40(9): 2650-2656.
Zhao Guoxin, Ding Ruofan, You Jianzhou, et al.Design and Implementation of High-interaction Programmable Logic Controller Honeypot System Based on Industrial Control Business Simulation[J]. Journal of Computer Applications, 2020, 40(9): 2650-2656.
[83] Girtz K, Mullins B, Rice M, et al.Practical Application Layer Emulation in Industrial Control System Honeypots[C]// International Conference on Critical Infrastructure Protection. Arlington, USA: Springer, Cham, 2016: 83-98.
[84] Pliatsios D, Sarigiannidis P, Liatifis T, et al.A Novel and Interactive Industrial Control System Honeypot for Critical Smart Grid Infrastructure[C]// 2019 IEEE 24th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD). Limassol, Cyprus: IEEE, 2019: 1-6.
[85] 游建舟, 吕世超, 孙玉砚, 等. 物联网蜜罐综述[J]. 信息安全学报, 2020, 5(4): 138-156.
You Jianzhou, Lü Shichao, Sun Yuyan, et al.A Survey on Honeypots of Internet of Things[J]. Journal of Cyber Security, 2020, 5(4): 138-156.
[86] 石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2): 498-508.
Shi Leyi, Li Yang, Ma Mengfei.Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology, 2019, 41(2): 498-508.
[87] 李政达, 周成胜. 基于蜜罐的工控蜜网系统的设计与实现[J]. 信息技术与网络安全, 2020, 39(8): 21-26, 32.
Li Zhengda, Zhou Chengsheng.Design and Implementation of Honeynet Based on Honeypot for Industrial Control System[J]. Network and Information Security, 2020, 39(8): 21-26, 32.
[88] SCADA Honeynets How to Build and Analyzing Attacks [EB/OL]. (2020-04-24) [2021-06-09] https://s4xevents.com/wp-content/uploads/2020/04/9Honeynet.pdf
[89] Simões P, Cruz T, Proença J, et al.Specialized Honeypots for SCADA Systems[M]. Cyber Security: Analytics, Technology and Automation. Springer, Cham, 2015: 251-269.
[90] Ammar Z, AlSharif A. Deployment of IoT-based honeynet model[C]// Proceedings of the 6th International Conference on Information Technology: IoT and Smart City. New York, NY, USA: ACM, 2018: 134-139.
[91] Memari N, Hashim S J B, Samsudin K B. Towards Virtual Honeynet Based on LXC Virtualization[C]// 2014 IEEE Region 10 Symposium. Kuala Lumpur, Malaysia: IEEE, 2014: 496-501.
[92] Serbanescu A V, Obermeier S, Yu D Y.A Flexible Architecture for Industrial Control System Honeypots[C]// 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE). Colmar, France: IEEE, 2015, 4: 16-26.
[93] Ding C, Zhai J, Dai Y.An Improved ICS Honeypot Based on SNAP7 and IMUNES[C]// International Conference on Cloud Computing and Security. Haikou, China: Springer, Cham, 2018: 303-313.
[94] Haney M, Papa M.A Framework for the Design and Deployment of a SCADA Honeynet[C]// The 9th Annual Cyber and Information Security Research Conference. New York, NY, USA: ACM, 2014: 121-124.
[95] Mashima D, Chen B, Gunathilaka P, et al.Towards a Grid-Wide, High-Fidelity Electrical Substation Honeynet[C]// 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm). Maui, HI(US): IEEE, 2017: 89-95.
[96] Hecker C, Hay B.Automated Honeynet Deployment for Dynamic Network Environment[C]// 2013 46th Hawaii International Conference on System Sciences. Wailea, HI, USA: IEEE, 2013: 4880-4889.
[97] Fan W, Fernández D, Du Z.Versatile Virtual Honeynet Management Framework[J]. IET Information Security (S1751-8709), 2016, 11(1): 38-45.
[98] 方滨兴, 贾焰, 李爱平, 等. 网络空间靶场技术研究[J].信息安全学报, 2016, 1(3): 1-9.
Fang Binxing, Jia Yan, Li Aiping, et al.Cyber Ranges: State-of-the-art and Research Challenges[J]. Journal of Cyber Security, 2016, 1(3): 1-9.
[99] Čeleda P, Čegan J, Vykopal J, et al.Kypo-a Platform for Cyber Defence Exercises[J]. M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence. NATO Science and Technology Organization, 2015.
[100] Vykopal J, Vizváry M, Oslejsek R, et al.Lessons Learned from Complex Hands-on Defence Exercises in a Cyber Range[C]// 2017 IEEE Frontiers in Education Conference (FIE). Indianapolis, IN, USA: IEEE, 2017: 1-8.
[101] Tian Z, Cui Y, An L, et al.A Real-Time Correlation of Host-level Events in Cyber Range Service for Smart Campus[J]. IEEE Access (S2169-3536), 2018, 6: 35355-35364.
[102] 刘渊, 冯兴兵, 王晓锋, 等. 面向虚实互联网络的链路采集技术研究[J]. 系统仿真学报, 2020, 32(3): 421-429.
Liu Yuan, Feng Xingbing, Wang Xiaofeng, et al.Research of Link Acquisition Technology for Virtual-reality Network[J]. Journal of System Simulation, 2020, 32(3): 421-429.
[103] Ahmed I, Obermeier S, Sudhakaran S, et al.Programmable Logic Controller Forensics[J]. IEEE Security & Privacy (S1540-7993), 2017, 15(6): 18-24.
[104] Yau K, Chow K P, Yiu S M.A Forensic Logging System for Siemens Programmable Logic Controllers[C]// IFIP International Conference on Digital Forensics. New Delhi, India: Springer, Cham, 2018: 331-349.
[105] Senthivel S, Ahmed I, Roussev V.SCADA Network Forensics of the PCCC Protocol[J]. Digital Investigation, 2017, 22(aug.): 57-65.
[106] Yau K, Chow K P.PLC Forensics based on Control Program Logic Change Detection[J]. Journal of Digital Forensics, Security and Law (S1558-7215), 2015, 10(4): 5.
[107] Wu T, Nurse J R C. Exploring the use of Plc Debugging Tools for Digital Forensic Investigations on Scada Systems[J]. Journal of Digital Forensics, Security and Law (S1558-7215), 2015, 10(4): 7.
[108] 曹康华, 董伟伟, 汪锦量, 等. 基于虚拟蜜网的用电信息采集系统攻击检测方法[J]. 计算机科学, 2019, 46(S2): 455-459.
Cao Kanghua, Dong Weiwei, Wang Jinliang, et al.Attack Detection Method for Electricity Information Collection System Based on Virtual Honeynet[J]. Computer Science, 2019, 46(S2): 455-459.
[109] Gautam R, Kumar S, Bhattacharya J.Optimized virtual Honeynet with Implementation of Host Machine as Honeywall[C]// 2015 Annual IEEE India Conference (INDICON). New Delhi, India: IEEE, 2015: 1-6.
[110] Data Collection and Data Analysis in Honeypots and Honeynets [EB/OL] (2015-04-22) [2021-06-09] http:// spi.unob.cz/papers/2015/2015-19.pdf
[111] Nawrocki M, Wählisch M, Schmidt T C, et al. A Survey on Honeypot Software and Data Analysis[J]. arXiv preprint arXiv:1608.06249, 2016.
[112] Moore C, Al-Nemrat A.An Analysis of Honeypot Programs and the Attack Data Collected[C]// International Conference on Global Security, Safety, and Sustainability. London, UK: Springer, Cham, 2015: 228-238.
[113] Sokol P, Kopčová V.Lessons Learned From Correlation of Honeypots' Data and Spatial Data[C]// 2016 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). Ploiesti, Romania: IEEE, 2016: 1-8.
[114] Fraunholz D, Zimmermann M, Hafner A, et al.Data Mining in Long-term Honeypot Data[C]// 2017 IEEE International Conference on Data Mining Workshops (ICDMW). New Orleans, LA, USA: IEEE, 2017: 649-656.
[115] Zarreh A, Wan H D, Lee Y, et al.Risk Assessment for Cyber Security of Manufacturing Systems: A Game Theory Approach[J]. Procedia Manufacturing (S2351- 9789), 2019, 38: 605-612.
[116] Liu X, Shahidehpour M, Li Z, et al.Power System Risk Assessment in Cyber Attacks Considering the Role of Protection Systems[J]. IEEE Transactions on Smart Grid (S1949-3053), 2016, 8(2): 572-580.
[117] Zhang Q, Zhou C, Xiong N, et al.Multimodel-based Incident Prediction and Risk Assessment in Dynamic Cybersecurity Protection for Industrial Control Systems[J]. IEEE Transactions on Systems, Man, and Cybernetics: Systems (S2168-2216), 2015, 46(10): 1429-1444.
[118] Zhu Q, Qin Y, Zhou C, et al.Extended Multilevel Flow Model-based Dynamic Risk Assessment for Cyber- security Protection in Industrial Production Systems[J]. International Journal of Distributed Sensor Networks (S1550-1477), 2018, 14(6): 1550147718779564.
[119] Zhang Q, Zhou C, Tian Y C, et al.A Fuzzy Probability Bayesian Network Approach for Dynamic Cybersecurity Risk Assessment in Industrial Control Systems[J]. IEEE Transactions on Industrial Informatics (S1551-3203), 2017, 14(6): 2497-2506.
[120] Baybutt P.Issues for Security Risk Assessment in the Process Industries[J]. Journal of Loss Prevention in the Process Industries (S0950-4230), 2017, 49(Pt.B): 509-518.
[121] 龚俭, 臧小东, 苏琪, 等. 网络安全态势感知综述[J].软件学报, 2017, 28(4): 1010-1026.
Gong Jian, Zang Xiaodong, Su Qi, et al.Survey of Network Security Situation Awareness[J]. Journal of Software, 2017, 28(4): 1010-1026.
[122] 贾焰, 王晓伟, 韩伟红, 等. YHSSAS: 面向大规模网络的安全态势感知系统[J]. 计算机科学, 2011, 38(2): 4-8, 37.
Jia Yan, Wang Xiaowei, Han Weihong, et al.YHSSAS: Large-scale Network Oriented Security Situational Awareness System[J]. Computer Science, 2011, 38(2): 4-8, 37.
[123] Hoffman B, Buchler N, Doshi B, et al.Situational Awareness in Industrial Control Systems[M]. Cyber-security of SCADA and Other Industrial Control Systems. Switzerland: Springer, Cham, 2016: 187-208.
[124] 王坤, 邱辉, 杨豪璞. 基于攻击模式识别的网络安全态势评估方法[J]. 计算机应用, 2016, 36(1): 194-198, 226.
Wang Kun, Qiu Hui, Yang Haopu.Network Security Situation Evaluation Method Based on Attack Pattern Recognition[J]. Journal of Computer Applications, 2016, 36(1): 194-198, 226.
[125] 杨豪璞, 邱辉, 王坤. 面向多步攻击的网络安全态势评估方法[J]. 通信学报, 2017, 38(1): 187-198.
Yang Haopu, Qiu Hui, Wang Kun.Network Security Situation Evaluation Method for Multi-step Attack[J]. Journal on Communications, 2017, 38(1): 187-198.
[126] Shi H, Tu X, Wang Z.An Industrial Control System Situation Awareness Method based on Weighting Algorithm[C]// 3rd International Conference on Mechatronics Engineering and Information Technology (ICMEIT 2019). Dalian, China: Atlantis Press, 2019.
[127] 陆耿虹, 冯冬芹. 工控网络安全态势感知算法实现[J].控制理论与应用, 2016, 33(8): 1054-1060.
Lu Genghong, Feng Dongqin.Industrial Control System Network Security Situation Awareness Modeling and Algorithm Implementation[J]. Control Theory & Applications, 2016, 33(8): 1054-1060.
[128] 陆耿虹, 冯冬芹. 基于粒子滤波的工业控制网络态势感知建模[J]. 自动化学报, 2018, 44(8): 1405-1412.
Lu Genghong, Feng Dongqin.Modeling of Industrial Control Network Situation Awareness With Particler Filtering[J]. Acta Automatica Sinica, 2018, 44(8): 1405-1412.
[129] 陆耿虹, 冯冬芹. 基于改进C-SVC的工控网络安全态势感知[J]. 控制与决策, 2017, 32(7): 1223-1228.
Lu Genghong, Feng Dongqin.Industrial Control Net-work Security Situation Awareness Based on Improved C-SVC[J]. Control and Design, 2017, 32(7): 1223-1228.
[130] 尚文利, 敖建松, 赵剑明, 等. 基于DAE的工控系统态势理解算法[J]. 小型微型计算机系统, 2020, 41(6): 1231-1236.
Shang Wenli, Ao Jiansong, Zhao Jianming, et al.Situation Understanding Algorithm for Industrial Control Systems Based on DAE[J]. Journal of Chinese Computer Systems, 2020, 41(6): 1231-1236.
[131] 敖建松, 尚文利, 赵剑明, 等. 基于ARIMA预测修正的工控系统态势理解算法[J]. 计算机应用研究, 2019, 37(9): 1-5.
Ao Jiansong, Shang Wenli, Zhao Jianming, et al.Situation Understanding Algorithm for Industrial Control System Based on ARIMA Prediction and Modification[J]. Application Research of Computers, 2019, 37(9): 1-5.
[132] 刘玉岭, 冯登国, 连一峰, 等. 基于时空维度分析的网络安全态势预测方法[J]. 计算机研究与发展, 2014, 51(8): 1681-1694.
Liu Yuling, Feng Dengguo, Lian Yifeng, et al.Network Situation Prediction Method Based on Spatial-Time Dimension Analysis[J]. Journal of Computer Research and Development, 2014, 51(8): 1681-1694.