Open Access

ARTICLE

Identifying Honeypots from ICS Devices Using Lightweight Fuzzy Testing

Yanbin Sun¹, Xiaojun Pan¹, Chao Xu², Penggang Sun², Quanlong Guan³, Mohan Li^{1, *}, Men Han⁴

1 Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510006, China.
2 Guangzhou Information Technology Security Evaluation Center, Guangzhou, 510006, China.
3 Jinan University, Guangzhou, 510006, China.
4 Kennesaw State University, 1100 South Marietta Pkwy Marietta, Georgia, 30060, USA.

* Corresponding Author: Mohan Li. Email: .

Computers, Materials & Continua 2020, 65(2), 1723-1737. https://doi.org/10.32604/cmc.2020.010593

Received 26 May 2020; Accepted 24 June 2020; Issue published 20 August 2020

Abstract

The security issues of industrial control systems (ICSs) have become increasingly prevalent. As an important part of ICS security, honeypots and antihoneypots have become the focus of offensive and defensive confrontation. However, research on ICS honeypots still lacks breakthroughs, and it is difficult to simulate real ICS devices perfectly. In this paper, we studied ICS honeypots to identify and address their weaknesses. First, an intelligent honeypot identification framework is proposed, based on which feature data type requirements and feature data acquisition for honeypot identification is studied. Inspired by vulnerability mining, we propose a feature acquisition approach based on lightweight fuzz testing, which utilizes the differences in error handling between the ICS device and the ICS honeypot. By combining the proposed method with common feature acquisition approaches, the integrated feature data can be obtained. The experimental results show that the feature data acquired is effective for honeypot identification.

---

Keywords

---

Citations