Research And Implementation Of Industrial Control Protocol Reverse Analysis System

With the development of the Internet;,more and more industrial control systems have joined the cloud service and connected to the cloud system.In the cloud,data transmission between various industrial control systems and between industrial control systems and the cloud relies on industrial control protocols.However,due to historical reasons,most industrial control agreements were previously undisclosed,and the design of the agreement was not perfect,and there were many loopholes in itself.Directly connecting the industrial control protocol to the Internet will cause industrial systems to face many security threats and bring huge losses to industrial production.Therefore,it is urgent to study the security issues of industrial control agreements and improve their security.The reverse analysis of the industrial control protocol allows us to have a better understanding of the unknown protocol,know more details about the relevant protocol,and provide support for vulnerability scanning,fuzzing,and security protection of the industrial control protocol.This thesis focuses on the reverse analysis algorithm for binary type industrial control protocol,and designs and implements the industrial control protocol reverse analysis system.The details are as follows:1.According to the characteristics of industrial control system and industrial control protocol,the existing N-Gram algorithms are improved.A reverse analysis algorithm for industrial control protocol based on binary type is proposed,which can perform fine-grained type division on binary type industrial control protocol.The algorithm consists of five parts:byte stream splitting,keyword extraction,relationship analysis,feature extraction,and classification algorithm.Among them,byte stream splitting is used to split the industrial control protocol application layer data byte stream into different elements.Keyword extraction is used to reduce the set size and retain key elements.Relational analysis is used to analyze the characteristics of elements within a collection,and analyze and calculate frequent patterns.The feature extraction is used to classify the analyzed features into feature forests for subsequent classification.The classification algorithm is used to compare and analyze the data to be classified and the characteristic forests to obtain the final Subtype classification results.2.Based on the above algorithm,this thesis designs and implements the reverse analysis system of industrial control protocol.The system can extract the application layer data of the industrial control protocol to be classified from the pcap file,display the relevant algorithm logic of the feature forest and the final classification result,and obtain the specific type of the industrial control protocol.The system test shows that the system can implement fine-grained classification of the sub-types of the binary industrial control protocol,and the result of the classification can present a tree-like logical structure,which can provide support for subsequent vulnerability scanning and security protection for industrial control protocols.