
Research And System Implementation Of Industrial Internet Protocol Identification And Analysis Methods

Posted on: 2023-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: J H Li
GTID: 2558306908465664
Subject: Engineering
Abstract/Summary:
The industrial Internet breaks through the limitations of a single industry and realizes the integration of industries. It is an important part of the national 14th Five-Year Plan for industrial ecological construction. The industrial Internet uses industrial control system protocols for data interaction, realizes communication between components in cyberspace and physical space, and plays an important role in promoting the interconnection of industrial systems and equipment information. Because industrial control protocols differ widely and their formats are often unknown, information cannot be exchanged between systems that use different protocols. A method for identifying and analyzing industrial Internet protocols is urgently needed to deal with the problem of information fusion between differentiated protocols.

Existing research on the identification and analysis of industrial Internet protocols divides protocol data into multiple feature segments with different meanings based on field characteristics, aggregates protocol data with similar feature segments into the same category, mines the correlation of feature segments, and extracts the corresponding protocol format. However, this research still has the following shortcomings. The coarse-grained division method cannot accurately describe the protocol data, so it is difficult to ensure the accuracy of known protocol identification. When a clustering algorithm deals with an unknown protocol, the data is forcibly assigned to one of the known protocol categories, so unknown protocols cannot be identified. Protocol analysis adopts a single mining method, which cannot meet the precision requirements of complex protocol analysis.

In view of the low accuracy of known protocol identification and the inability to identify unknown protocols, this thesis proposes an industrial control protocol "N+1" identification algorithm, which describes protocol identification as a text classification problem and adopts a more fine-grained feature segment division method to achieve identification of many known protocols and one unknown protocol. The method divides the protocol data into a number of word segments of different lengths according to the protocol field format. To distinguish the meaning of the word segments, the location information of the word segments in the protocol field format is introduced, which improves the accuracy of known protocol identification. For the identification of unknown protocols, a two-stage training method is proposed: the known protocol identification model and the minimum protocol identification threshold are obtained respectively, and the unknown protocol is identified by comparing the classification results with the threshold. Experiments show that the classification accuracy of known protocol scenarios is improved by 15% on average compared to the IPART and Netzob methods, the classification accuracy of unknown protocol scenarios is 90%, and the classification accuracy is 95%.

Aiming at the problem of low protocol analysis accuracy, this thesis proposes a multi-level protocol parsing algorithm based on field states. It uses field characteristics to classify fields into special and non-special states, and uses statistical methods to infer the field semantics of special states. The fields are divided into state change fields and state unchanged fields. A mining method is used to judge the semantics of state-changing fields, a boundary exploration method is proposed to realize boundary division and semantic inference of state-invariant fields, and a verification algorithm is used to correct field semantics. The algorithm integrates multiple parsing methods by using the field state to improve the accuracy of protocol parsing. Experiments show that, compared with the Differential grouping and MSERA methods, the method in this thesis improves Modbus protocol parsing accuracy by 15% on average, DNP protocol parsing accuracy by 23% on average, and S7 protocol parsing accuracy by 19.5% on average.

Based on the above algorithms, an industrial protocol identification and analysis system is designed and implemented, which includes functions such as storage and processing of industrial data, protocol identification, protocol analysis, and monitoring of protocol usage in industrial control networks. The functional and performance requirements of the system are tested, and the tests show that the system can quickly handle the task of protocol identification and parsing, which demonstrates the practicability of the method in the system.
Keywords/Search Tags: Protocol Identification, Protocol Analysis, Field Boundary Exploration, Semantic Reasoning, Field Status
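The "N+1" idea from the abstract (positional word segments, a model of the known protocols, then a minimum score threshold below which a frame is reported as unknown) can be illustrated with the following added example, which is not the thesis's code. The frequency scorer, the 8-byte header window, the fixed 1- and 2-byte segment widths and all sample frames are assumptions made for illustration; the thesis segments by protocol field format and does not specify its classifier here.

```python
from collections import Counter, defaultdict

def segments(frame, widths=(1, 2), head=8):
    """Word segments of several lengths, each tagged with its byte offset."""
    h = frame[:head]
    return [(i, h[i:i + w]) for w in widths for i in range(len(h) - w + 1)]

def train(samples):
    """Stage 1: per-protocol frequency of every positional segment."""
    counts, totals = defaultdict(Counter), Counter()
    for label, frame in samples:
        counts[label].update(segments(frame))
        totals[label] += 1
    return counts, totals

def best_match(model, frame):
    """Closest known protocol and its score (mean segment frequency, 0..1)."""
    counts, totals = model
    segs = segments(frame)
    if not segs:
        return None, 0.0
    score, label = max((sum(counts[p][s] for s in segs) / (totals[p] * len(segs)), p)
                       for p in totals)
    return label, score

def calibrate(model, held_out):
    """Stage 2: lowest winning score on held-out frames of known protocols."""
    return min(best_match(model, f)[1] for _, f in held_out)

def identify(model, threshold, frame):
    """One of the N known labels, or "unknown" when the score is too low."""
    label, score = best_match(model, frame)
    return label if score >= threshold else "unknown"

# Constructed sample frames (not captured traffic).
def modbus(i):  # Modbus/TCP read request: MBAP header + PDU
    return bytes([0, i, 0, 0, 0, 6, 1, 3 + i % 2, 0, i, 0, 2])

def dnp3(i):    # DNP3 link-layer header, CRC omitted
    return bytes([0x05, 0x64, 5 + i % 3, 0xC4 if i % 2 else 0x44, 1, 0, i, 0])

def labelled(ids):
    return [("modbus", modbus(i)) for i in ids] + [("dnp3", dnp3(i)) for i in ids]

MODEL = train(labelled(range(20)))
THRESHOLD = calibrate(MODEL, labelled(range(20, 30)))
S7 = bytes.fromhex("0300001f02f08032")  # TPKT/COTP/S7 header, never trained on

if __name__ == "__main__":
    for name, f in [("modbus", modbus(40)), ("dnp3", dnp3(40)), ("s7", S7)]:
        print(name, best_match(MODEL, f), "->", identify(MODEL, THRESHOLD, f))
```

Without the threshold, `best_match` still assigns the S7 frame to the nearest known class, which is the forced-assignment shortcoming the abstract attributes to clustering approaches.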