Research on risk identification of malicious threats to large-scale industrial control network equipment assets
Yunfan Yang, Hao Huang, 2 Authors, Weiwen Zheng
Abstract
In recent years, the industrial Internet has made great progress in the context of the country's vigorous promotion of new infrastructure, but the integration of industrial control systems with the Internet has also brought more network security risks to the industrial control industry. Existing industrial control network security protection technology still has many shortcomings: for example, intrusion detection models have low detection accuracy for stealthy attacks, and high-interaction honeypots are difficult to adapt to the variety of industrial control scenarios. In this paper, we design and implement malicious threat risk identification for large-scale industrial control network equipment assets. Session flow intrusion detection parses each Ethernet frame according to the TCP/IP protocol stack model and extracts session flows from the packets through session flow identification. A high-interaction honeypot is designed and implemented which logs the attacker's actions at two levels. Finally, a plug-in industrial control protocol parsing framework is implemented. The experimental results show that this research provides effective malicious threat risk identification for industrial control network devices, which can detect and prevent potential security threats in time, safeguard the stable operation of these critical infrastructures, and prevent production accidents and social disorder caused by cyber-attacks.
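The abstract describes the first building block, session flow intrusion detection, as parsing each Ethernet frame layer by layer down the TCP/IP stack and then grouping packets into session flows. The following Python is an added illustration of that step and is not the paper's code: it walks Ethernet II, IPv4 and TCP headers with `struct`, assigns every packet to a direction-independent five-tuple so that both halves of a conversation land in the same flow record, and tracks per-direction payload volume and SYN/FIN state. The frame builder, the addresses, the port numbers and the payload bytes are all constructed sample input for the example; the frames carry zero checksums because nothing here validates them.

```python
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_FIN, TCP_SYN, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x08, 0x10


def parse_frame(frame: bytes):
    """Walk one Ethernet II frame down the stack (Ethernet -> IPv4 -> TCP).
    Returns header fields plus the TCP payload, or None for anything that is
    not IPv4/TCP (ARP, IPv6, UDP, truncated frames), which the flow extractor skips."""
    if len(frame) < 14:
        return None
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length incl. options
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:min(total_len, len(ip))]         # honour the IP total length, ignore trailer padding
    if len(tcp) < 20:
        return None
    src_ip = ".".join(map(str, ip[12:16]))
    dst_ip = ".".join(map(str, ip[16:20]))
    sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    data_off = (off >> 4) * 4                     # TCP header length incl. options
    return {"src": (src_ip, sport), "dst": (dst_ip, dport),
            "seq": seq, "flags": flags, "payload": tcp[data_off:]}


def flow_key(pkt):
    """Direction-independent 5-tuple: the endpoints are ordered so that
    client->server and server->client packets share one session key."""
    a, b = pkt["src"], pkt["dst"]
    return (min(a, b), max(a, b), "tcp")


def extract_flows(frames):
    """Session flow identification: group parsed packets into flow records."""
    flows = {}
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        rec = flows.setdefault(flow_key(pkt), {
            "packets": 0, "bytes_by_dir": defaultdict(int),
            "initiator": None, "syn": False, "fin": False})
        # A bare SYN (no ACK) identifies which endpoint opened the session.
        if rec["initiator"] is None and (pkt["flags"] & (TCP_SYN | TCP_ACK)) == TCP_SYN:
            rec["initiator"] = pkt["src"]
        rec["packets"] += 1
        rec["bytes_by_dir"][(pkt["src"], pkt["dst"])] += len(pkt["payload"])
        rec["syn"] = rec["syn"] or bool(pkt["flags"] & TCP_SYN)
        rec["fin"] = rec["fin"] or bool(pkt["flags"] & TCP_FIN)
    return flows


# ---- constructed sample input (not traffic from the paper) -----------------
def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Ethernet II + IPv4 (no options) + TCP (no options); checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64,
                     IPPROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


CLIENT, SERVER = ("10.0.0.5", 40000), ("10.0.0.9", 502)   # hypothetical hosts/ports
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.9", 40000, 502, TCP_SYN),
    build_frame("10.0.0.9", "10.0.0.5", 502, 40000, TCP_SYN | TCP_ACK),
    build_frame("10.0.0.5", "10.0.0.9", 40000, 502, TCP_PSH | TCP_ACK, b"READ 0x0000 10"),
    build_frame("10.0.0.9", "10.0.0.5", 502, 40000, TCP_PSH | TCP_ACK, b"OK 42"),
    build_frame("10.0.0.9", "10.0.0.5", 502, 40000, TCP_FIN | TCP_ACK),
    # an ARP frame (EtherType 0x0806) that the stack walk must reject
    b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0806) + b"\x00" * 28,
]


def summarize(frames):
    """Flat per-flow summary, the shape a detection stage would consume."""
    out = []
    for (a, b, proto), rec in extract_flows(frames).items():
        out.append({"endpoints": (a, b), "proto": proto, "packets": rec["packets"],
                    "initiator": rec["initiator"], "complete": rec["syn"] and rec["fin"],
                    "bytes_by_dir": dict(rec["bytes_by_dir"])})
    return out


if __name__ == "__main__":
    for flow in summarize(SAMPLE_FRAMES):
        print(flow)
```

The ordering trick in `flow_key` is what makes this a session rather than a packet view: five of the six constructed frames collapse into a single record with the client identified as initiator, while the ARP frame is dropped at the Ethernet layer. A production parser would additionally have to handle VLAN tags, IP fragmentation and TCP reassembly before an industrial protocol parser can be applied to the payload.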

