In softwarized industrial networking, honeypot identification is very important for both the attacker and the defender. Existing honeypot identification relies on simple features of honeypot. There exist two challenges: The simple feature is easily simulated, which causes inaccurate results, whereas the advanced feature relies on high interactions, which lead to security risks. To cope with these challenges, in this article, we propose a secure fuzzy testing approach for honeypot identification inspired by vulnerability mining. It utilizes error handling to distinguish honeypots and real devices. Specifically, we adopt a novel identification architecture with two steps. First, a multiobject fuzzy testing is proposed. It adopts mutation rules and security rules to generate effective and secure probe packets. Then, these probe packets are used for scanning and identification. Experiments show that the fuzzy testing is effective and corresponding probe packet can acquire more features than other packets. These features are helpful for honeypot identification.

中文翻译：

---

软化工业网络物理系统中的蜜罐识别

在软化的工业网络中，蜜罐识别对于攻击者和防御者都非常重要。现有的蜜罐识别依赖于蜜罐的简单功能。存在两个挑战：简单的功能易于模拟，这会导致结果不准确；而高级功能则依赖于高度的交互，这会带来安全风险。为了应对这些挑战，在本文中，我们提出了一种安全的模糊测试方法，用于基于漏洞挖掘的蜜罐识别。它利用错误处理来区分蜜罐和真实设备。具体来说，我们采用一种新颖的标识体系结构，分两步进行。首先，提出了一种多目标模糊测试。它采用变异规则和安全规则来生成有效且安全的探测数据包。然后，这些探测包用于扫描和识别。实验表明，模糊测试是有效的，对应的探测包比其他探测包具有更多的特征。这些功能有助于识别蜜罐。