Honeypot Identification in Softwarized Industrial Cyber–Physical Systems

Abstract

In softwarized industrial networking, honeypot identification is very important for both the attacker and the defender. Existing honeypot identification relies on simple features of honeypot. There exist two challenges: The simple feature is easily simulated, which causes inaccurate results, whereas the advanced feature relies on high interactions, which lead to security risks. To cope with these challenges, in this article, we propose a secure fuzzy testing approach for honeypot identification inspired by vulnerability mining. It utilizes error handling to distinguish honeypots and real devices. Specifically, we adopt a novel identification architecture with two steps. First, a multiobject fuzzy testing is proposed. It adopts mutation rules and security rules to generate effective and secure probe packets. Then, these probe packets are used for scanning and identification. Experiments show that the fuzzy testing is effective and corresponding probe packet can acquire more features than other packets. These features are helpful for honeypot identification.