
Analysis And Research Of Reversing In Industry Control Private Protocol Based On Network Packet Filtering

Posted on: 2023-04-06
Degree: Master
Type: Thesis
Country: China
Candidate: X T Liu
GTID: 2568306905995949
Subject: Engineering
Abstract/Summary:
In recent years, with the rapid development of the Internet, more and more industries have joined the tide of Internet development. As Industrial Control Systems (ICS) have rapidly joined as well, the security problems of industrial control protocols have been exposed to the public. All information transfer in an industrial control system depends on the industrial control protocol, and protection measures for the system are premised on understanding the protocol specification. However, current industrial control systems contain a large number of proprietary protocols whose contents have not been disclosed. Although proprietary protocols can protect users’ information to a certain extent, they also create great obstacles for researchers. If researchers want to make better use of industrial control private protocols, they must understand the protocol specifications. As reverse analysis of industrial control private protocols has deepened, traditional manual analysis can no longer meet researchers' needs in terms of efficiency and accuracy. How to achieve efficient and accurate semantic analysis and inference of a protocol has become an urgent problem. Therefore, this thesis studies industrial control private protocols and designs an efficient and accurate protocol reverse method to infer the format and semantics of the protocol.

Industrial control private protocols differ from traditional protocols and have their own particularities. Research on them mainly faces the following problems: there is no clear separator between protocol fields, so the fields are not easy to divide; the protocol format is difficult to extract, and format extraction is often incomplete or erroneous; and the semantic information of the protocol fields cannot be extracted accurately.

Based on an analysis of the characteristics of industrial control private protocols, this thesis proposes a set of reverse research methods for them and finally realizes format division and semantic analysis of industrial control private protocols. To solve the problem that the fields of an industrial control protocol are difficult to divide, this thesis adopts the N-gram algorithm from natural language processing and proposes using multiple N values to divide the protocol fields of a packet. To solve the problem of dividing the protocol format correctly, this thesis proposes a method of clustering first and then partitioning. First, the LDA topic model is used to annotate the packets probabilistically. Second, the DBSCAN and BIRCH clustering algorithms are used to cluster the packets. Then, the format of the packets is divided by an expert voting algorithm and a progressive multiple sequence comparison algorithm. Finally, the basic characteristics and field semantic information of industrial control protocols are summarized to obtain more accurate semantic analysis and complete the reverse study of protocol messages. Experimental results show that the method designed in this thesis can efficiently and accurately divide protocol fields and infer some semantics.
Keywords/Search Tags: Industrial Control Private Protocol, Protocol Reverse, Semantic Inference, LDA, Expert Voting Algorithm