| Graduate student: | Sun, Meng-Wei (孫孟瑋) |
|---|---|
| Thesis title: | Honeypot and Anti-Shodan-Detection for Industrial Control System (工業控制環境中蜜罐部署與反偵測機制之研究) |
| Advisor: | Li, Jung-Shian (李忠憲) |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2018 |
| Academic year of graduation: | 106 |
| Language: | Chinese |
| Number of pages: | 33 |
| Keywords: | Industrial control system, IoT, industrial safety, Honeypot, SCADA, PLC |
In recent years, industrial control systems have been widely adopted in critical infrastructure to improve the efficiency of management and control. Along with that convenience, they expose critical infrastructure to a greater risk of cyber attack, and the damage can be severe once critical infrastructure is attacked. At present, the main industrial control system defense methods focus only on preventing attackers from intruding into isolated industrial networks. This study therefore explores Conpot, an industrial control honeypot that acts as a defense inside the industrial control system, and Shodan, the Internet of Things search engine that attackers may use. By analyzing the search engine's results, we improved the configuration of the Conpot honeypot and set up a custom search and honeypot judgment mechanism, which will evolve into our own IoT search engine.