Research on Active Defense Security System Based on Four-Honey Coordination for Energy Systems

doi:10.3969/j.issn.1671-1122.2025.06.010

Abstract

Abstract:

The energy system, as a critical national infrastructure, faces severe challenges from advanced persistent threats (APTs) and zero day vulnerability attacks. This paper focused on the current energy system security defense solutions that mainly rely on feature detection and boundary protection, making it difficult to cope with the security challenges of high concealment and long latency APT attacks. A new type of four honey collaborative active defense system based on trapping was introduced. By deploying honey points, honeypots, honeyholes, and honey arrays in the energy system to construct a threat perception network, combined with deception defense and dynamic collaboration mechanisms, a “protective” active defense system for the energy system was formed, achieving early perception, accurate discrimination, and traceability deterrence of attackers. The experimental results show that this system can effectively capture attack behaviors and provide timely warnings of potential threats when dealing with complex network attacks in energy systems, providing a new approach to security protection for energy systems against APT attacks.

Key words: energy system security, advanced persistent threat, threat perception, collaborative defense model, dynamic decoying

CLC Number:

TP309

ZHU Zhicheng, CAO Hui, WANG Yinsheng. Research on Active Defense Security System Based on Four-Honey Coordination for Energy Systems[J]. Netinfo Security, 2025, 25(6): 955-966.

Figures/Tables 14

References 15

[1]	QIANXIN Threat Intelligence Center. Recoil Network Warfare: Analysis of Ukraine’s Second Power Failure Event[EB/OL]. (2019-09-26) [2024-11-12]. https://www.freebuf.com/articles/system/214591.html.
	奇安信威胁情报中心. 复盘网络战: 乌克兰二次断电事件分析[EB/OL]. (2019-09-26)[2024-11-12]. https://www.freebuf.com/articles/system/214591.html.
[2]	FENG Zhiwei. Research and Application of Network Security Equipment Linkage Strategy[D]. Baoding: North China Electric Power University, 2014.
	冯志伟. 网络安全设备联动策略的研究与应用[D]. 保定: 华北电力大学, 2014.
[3]	CHANDOLA V, BANERJEE A, KUMAR V. Anomaly Detection: A Survey[J]. ACM Computing Surveys, 2009, 41(3): 1-58.
[4]	VIGNESWARAN R, POORNACHANDRAN P, SOMAN K P. A Compendium on Network and Host Based Intrusion Detection Systems[C]// Springer. 1st International Conference on Data Science, Machine Learning and Applications. Heidelberg: Springer, 2020: 23-30.
[5]	CHAWLA A, LEE B, FALLON S, et al. Host Based Intrusion Detection System with Combined CNN/RNN Model[C]// Springer. Joint European Conference on Machine Learning and Knowledge Discovery in Databases. Heidelberg: Springer, 2019: 149-158.
[6]	LI Daoquan, YANG Qianqian, LU Xiaofu. SDN Network Intrusion Classification Detection Model Based on Decision Tree[J]. Computer Engineering and Design, 2022, 43(8): 2146-2152.
	李道全, 杨乾乾, 鲁晓夫. 基于决策树的SDN网络入侵分类检测模型[J]. 计算机工程与设计, 2022, 43(8):2146-2152.
[7]	ZHANG Peiqing, TIAN Guangke, DONG Haiying. Research on Network Intrusion Detection Based on Whitening PCA and CNN[C]// IEEE. 7th International Conference on Smart Grid and Smart Cities. New York: IEEE, 2023: 232-237.
[8]	ZHUGE Jianwei, TANG Yong, HAN Xinhui, et al. Research and Application Progress of Honeypot Technology[J]. Journal of Software, 2013, 24(4): 825-842.
	诸葛建伟, 唐勇, 韩心慧, 等. 蜜罐技术研究与应用进展[J]. 软件学报, 2013, 24(4):825-842.
[9]	SHI Leyi, LI Yang, MA Mengfei. Latest Research Progress of Honeypot Technology[J]. Journal of Electronics & Information Technology, 2019, 41(2): 498-508.
	石乐义, 李阳, 马猛飞. 蜜罐技术研究新进展[J]. 电子与信息学报, 2019, 41(2):498-508.
[10]	KONIARIS I, PAPADIMITRIOU G, NICOPOLITIDIS P. Analysis and Visualization of SSH Attacks Using Honeypots[C]// IEEE. Eurocon 2013. New York: IEEE, 2013: 65-72.
[11]	WEGERER M, TJOA S. Defeating the Database Adversary Using Deception-A Mysql Database Honeypot[C]// IEEE. 2016 International Conference on Software Security and Assurance. New York: IEEE, 2016: 6-10.
[12]	FAN Wenjun, FERNÁNDEZ D, VILLAGRÁ V A. Technology Independent Honeynet Description Language[C]// IEEE. 2015 3rd International Conference on Model-Driven Engineering and Software Development. New York: IEEE, 2015: 303-311.
[13]	FAN Wenjun, DU Zhihui, SMITH-CREASEY M, et al. HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design[J]. IEEE Journal on Selected Areas in Communications, 2019, 37(3): 683-697. doi: 10.1109/JSAC.2019.2894307
[14]	TIAN Zhihong, FANG Binxing, LIAO Qing, et al. Cybersecurity Assurance System in the New Era and Development Suggestions Thereof: from Self-Defense to Guard[J]. Strategic Study of CAE, 2023, 25(6): 96-105. doi: 10.15302/J-SSCAE-2023.06.007
	田志宏, 方滨兴, 廖清, 等. 从自卫到护卫:新时期网络安全保障体系构建与发展建议[J]. 中国工程科学, 2023, 25(6):96-105. doi: 10.15302/J-SSCAE-2023.06.007
[15]	CAO Yuhao, WANG Xinjian, WANG Yihang, et al. Analysis of Factors Affecting the Severity of Marine Accidents Using a Data-Driven Bayesian Network[EB/OL]. (2023-01-03) [2024-11-12]. https://doi.org/10.1016/j.oceaneng.2022.113563.

攻击源IP	当日蜜点告警/个	当日蜜庭告警/个	当日总告警 /个	历史总告警 /个
36.21.X.X	504	30	534	534
193.68.X.X	368	47	415	1418
60.205.X.X	0	204	204	204
141.98.X.X	144	21	165	240
193.200.X.X	92	0	92	92
183.137.X.X	90	0	90	90
180.184.X.X	70	0	70	516
185.224.X.X	68	0	68	102
109.236.X.X	67	0	67	92
103.7.X.X	63	0	63	63

攻击源IP	告警数/个	最近攻击时间	首次攻击时间
190.167.X.X	606	2025-02-10 08:02:37	2025-02-10 03:01:19
180.184.X.X	446	2025-02-10 11:51:42	2025-02-10 10:37:31
119.108.X.X	325	2025-02-10 07:50:59	2025-02-10 06:11:47
180.178.X.X	111	2025-02-10 14:25:16	2025-02-10 13:33:05
203.194.X.X	106	2025-02-10 01:46:12	2025-02-10 01:28:14
60.21.X.X	83	2025-02-10 21:50:44	2025-02-10 21:37:56
166.62.X.X	68	2025-02-10 14:41:16	2025-01-22 15:54:16
190.12.X.X	66	2025-02-10 15:28:34	2025-02-10 01:50:07
49.75.X.X	64	2025-02-10 15:00:07	2025-02-10 08:08:23
34.96.X.X	63	2025-02-10 17:54:21	2025-01-22 18:47:08

攻击源IP	本周期攻击次数/次	踩中蜜点个数/个	最近攻击时间
190.167.X.X	1612	1	2025-02-10 08:02:37
36.21.X.X	534	13	2025-02-10 16:17:03
180.184.X.X	516	1	2025-02-10 11:51:42
119.108.X.X	327	1	2025-02-10 07:50:59
60.205.X.X	204	3	2025-02-10 17:06:54