A Novel Deception Defense-Based Honeypot System for Power Grid Network

In recent years, as cyber-attacks have become more and more rampant, power grid networks are also facing more and more security threats, which have gradually become the focus attention of attackers. Traditional defense methods are represented by intrusion detection systems and firewalls, whose main purpose is to keep attackers out. However, with the diversification, concealment and complexity of attack methods, traditional defense methods are usually difficult to cope with the endless attack methods. To this end, this paper proposes a new type of honeypot system based on deception defense technology. While retaining the nature of the honeypot, it adopts dynamic deception approach to actively collect unused IP addresses in the power grid networks. Then, these unused IP addresses are used to construct dynamic virtual hosts. When an attacker initiates network access to these dynamic virtual hosts, they will proactively respond to the attacker or redirect the attack traffic to the honeypot in the background, thereby deceiving and trapping the attacker. The experimental results show that the proposed honeypot system can effectively expands the monitoring range of traditional honeypots and has a good defense effect against unknown attacks, thus effectively making up for the shortcomings of traditional defense methods.