【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 6460次   下载 8378 本文二维码信息
码上扫一扫!
物联网蜜罐综述
游建舟,吕世超,孙玉砚,石志强,孙利民
分享到: 微信 更多
(中国科学院信息工程研究所 物联网信息安全技术北京市重点实验室, 北京 中国 100093;中国科学院大学 网络空间安全学院, 北京 中国 100049)
摘要:
物联网(The Internet of Things,简称IoT)是新一代信息技术的重要组成部分,已广泛应用于经济社会发展的各个领域,如工业控制系统、智能家居、智慧城市等。随着物联网应用的爆发式增长,物联网设备被直接暴露在互联网中,成为了黑客攻击的重点目标,并引发了大量安全事件。在多源异构的物联网环境中,传统的入侵检测、防火墙等安全防护工具存在易漏报和易误报的问题。蜜罐作为一种新兴的主动防御技术,通过构建可控的诱饵环境,主动引导黑客攻击,能够捕获高质量的原始攻击数据,从而低误报地发现攻击威胁。本文通过调研大量物联网蜜罐文献,总结了物联网蜜罐的基本概念和技术发展主线,重点介绍了重定向、识别与反识别和数据分析三种关键技术。此外,本文提出了一种基于杀伤链模型的物联网蜜罐评估体系,实现相关蜜罐工作的对比分析,并讨论和展望了物联网蜜罐未来可能的研究方向。
关键词:  物联网  蜜罐  工业控制系统  信息物理系统
DOI:10.19363/J.cnki.cn10-1380/tn.2020.07.09
Received:November 09, 2019Revised:January 31, 2020
基金项目:本课题得到国家重点研发计划(No.2018YFB0803402),国家自然科学基金重点项目(No.U1766215),国家电网公司总部科技项目(No.522722180007)资助。
A Survey on Honeypots of Internet of Things
YOU Jianzhou,LV Shichao,SUN Yuyan,SHI Zhiqiang,SUN Limin
Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
Internet of Things (IoT) is an important part of the new generation information technology. It has been widely infiltrated into the national economy and social development in various fields, such as industrial control systems, smart home, and smart city. With the explosive growth of IoT applications, IoT devices are exposed on the Internet directly. It has become an attractive target for hackers and caused lots of security issues. For conventional security tools like intrusion detection systems (IDS) and firewalls, it’s prone to be high false alarm rate and hard to deploy in heterogeneous IoT environments. As a new initiative based on the defense network security technology, the honeypot builds a highly controlled environment to capture high-value primary data and discover threats with low false alarm rate. By analyzing relevant IoT honeypot systems and literature, this paper summarized some basic conception of IoT honeypots and the line of development in technology. Based on IoT honeypots, this paper introduced and discussed three technologies: redirection, recognition & counter-recognition and data analysis. Besides, this paper proposed a new IoT honeypot evaluation system based on the cyber kill chain to estimate related work and further discussed the research trend.
Key words:  internet of things  honeypot  industrial control system  cyber physical system