Abstract: The HaoTian industrial honeypot system is an active deception defense product based on industrial control environment independently developed by CloudSky Security technology company. The system design adopts a purely passive working mode, which can be deployed in various industrial scenes through customization. The system uses multiple types of bait probes to build a honeynet to lure attackers to attack, so as to find attack events in time and generate threat alarm. The system captures and analyzes the attack behavior, understands the tools and methods used by the attacker, and speculates the attack intention and motivation. Clearly understanding the security threats faced by the industrial network can enhance the security protection ability of the actual industrial system through technical and management means. The product can be widely used in petrochemical, energy, transportation, water, municipal and other industrial scenes to help enterprises effectively reduce and avoid security risks.

Key words: industrial control system, industrial honeypot, active defense, shadow network, high-low interaction, dynamic deployment

摘要： 昊天工控蜜罐系统是云天安全自主研发的基于工控环境的主动欺骗防御型产品.系统设计采用纯被动工作方式，可通过定制化方式批量部署于各工业场景.系统使用多类型诱饵探针构建蜜网，诱使攻击者实施攻击，从而及时发现攻击事件，产生威胁告警.系统对攻击行为进行捕获分析，了解攻击者所使用的工具与方法，推测攻击意图和动机.清晰了解工业网所面对的安全威胁便于通过技术和管理手段增强实际工业系统的安全防护能力.产品可广泛用于石油化工、能源、交通、水务、市政等工业场景，帮助企业有效降低和规避安全风险.

关键词: 工业控制系统, 工控蜜罐, 主动防御, 影子网络, 高低交互, 动态部署