
Research On Automatic Reverse And Protocol Description Model Generation Of Industrial Control Protocol

Posted on: 2022-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y S Xie
Full Text: PDF
GTID: 2518306335966769
Subject: Cyberspace security
Abstract/Summary:
Industrial control systems are used to guarantee a reliable and stable production process. With the development of the industrial Internet, industrial control systems are increasingly exposed to the Internet, which makes them far more vulnerable to malicious attacks from the network. Industrial control protocols carry out important functions in these systems, such as data transmission and command issuing, which makes them central to research on network attack and defense in industrial control systems. On the one hand, attackers can use an industrial control protocol to mount attacks; on the other hand, security researchers can also use the protocol to build defense and detection systems. Yet most industrial control protocols are proprietary binary protocols whose specifications remain unknown, which hinders security research on industrial control systems. Therefore, it is significant to develop a method for the automatic reverse analysis of industrial control protocols.

This thesis surveys related work on protocol reverse analysis for both Internet protocols and industrial control protocols. After analyzing the shortcomings of existing methods, we propose a method that improves the accuracy of protocol field boundary recognition and a method that automatically generates a protocol description model. The specific work is as follows:

1. A basic-block-granular industrial control protocol field boundary reverse algorithm is designed. Building on the protocol dynamic taint analysis platform, we add further instrumentation rules to capture basic block and instruction information while the protocol message is being processed. The basic blocks are then divided into logic blocks according to the designed rules. Finally, a tree representing the correspondence between logic blocks and protocol message bytes is established, from which the field boundaries are recognized.

2. An automatic protocol field semantic identification method is designed. By mutating the value of a protocol message field and observing the resulting change in the program's execution trajectory, we can quickly determine whether the field is a key field that affects the protocol function. To obtain more specific field semantics, we divide key fields into 4 categories and design rules, based on the instruction features associated with each field, to recognize them automatically.

3. A method for generating the protocol description model is designed. The reverse analysis result of a single protocol message is recorded in an XML file. Once enough records have been collected, a protocol description model is derived and simplified according to field syntax and semantics. More specifically, we propose a system that automatically generates a DataModel describing an industrial control protocol for Peach Fuzzer.
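As an added example (not the thesis's own code), the following Python sketches the model-generation step: per-message field records of the kind the thesis stores as XML are merged into one field list, fixed-versus-variable syntax and constant tokens are decided from the observed values, and a Peach 3 DataModel is emitted. The record layout and the semantic labels 'constant', 'length', 'command' and 'payload' are this example's assumptions, not the thesis's categories.

```python
from xml.etree import ElementTree as ET

# Constructed per-message records standing in for the per-message XML
# files the thesis describes: (field name, byte offset, byte length,
# observed bytes, semantic label). The labels are this example's own.
RECORDS = [
    [("magic", 0, 2, b"\x7e\x01", "constant"),
     ("length", 2, 2, b"\x00\x04", "length"),
     ("cmd", 4, 1, b"\x10", "command"),
     ("payload", 5, 4, b"\x00\x01\x02\x03", "payload")],
    [("magic", 0, 2, b"\x7e\x01", "constant"),
     ("length", 2, 2, b"\x00\x02", "length"),
     ("cmd", 4, 1, b"\x20", "command"),
     ("payload", 5, 2, b"\xaa\xbb", "payload")],
]

def merge_fields(records):
    """Collapse the records into one entry per field, keeping every
    observed length and value so the field syntax can be decided."""
    merged = {}
    for record in records:
        for name, offset, length, value, semantic in record:
            field = merged.setdefault(name, {"offset": offset, "semantic": semantic,
                                             "lengths": set(), "values": set()})
            field["lengths"].add(length)
            field["values"].add(value)
    return merged

def build_datamodel(merged, model_name="IcsProto"):
    """Emit a Peach 3 DataModel: a fixed-size field becomes a Number and a
    variable-size one a Blob; a field identical in every message is a
    token; the length field gets a size Relation to the payload field."""
    payload = next((n for n, f in merged.items() if f["semantic"] == "payload"), None)
    model = ET.Element("DataModel", name=model_name)
    for name, field in sorted(merged.items(), key=lambda item: item[1]["offset"]):
        if len(field["lengths"]) == 1:
            bits = str(8 * next(iter(field["lengths"])))
            element = ET.SubElement(model, "Number", name=name, size=bits, endian="big")
        else:
            element = ET.SubElement(model, "Blob", name=name)
        if len(field["values"]) == 1:  # constant across all messages
            element.set("value", next(iter(field["values"])).hex())
            element.set("valueType", "hex")
            element.set("token", "true")
        if field["semantic"] == "length" and payload is not None:
            ET.SubElement(element, "Relation", type="size", of=payload)
    return ET.tostring(model, encoding="unicode")

if __name__ == "__main__":
    print(build_datamodel(merge_fields(RECORDS)))
```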
Keywords/Search Tags:Industrial Control System Security, Industrial Control Protocol, Private Protocol, Protocol Reverse Analysis