The industrial control protocol is an essential part of an industrial control system, and the design specification of the protocol is closely tied to the security of the system. However, the specifications of some industrial control protocols have never been published, and some protocols were designed without security in mind and contain many vulnerabilities. Once a security incident occurs, the lack of understanding of the protocol design and the resulting inability to locate the problem precisely disrupt industrial production and cause huge losses. Access to protocol specifications is also required for many other tasks, including analyzing botnets, building honeypots, writing network intrusion detection rules and fuzzing protocol implementations. It is therefore urgent to study unknown industrial control protocols, infer their specifications and learn more details of their design. Protocol reverse engineering can approximately infer the packet structure of a protocol and the semantics of some of its fields from captured network packets or from the binary program that implements it, and so recover the protocol specification. This thesis extracts protocol specifications from network packets.

In view of the low efficiency of feature recognition, the low accuracy of format inference and the high false positive rate of current protocol reverse engineering, this thesis designs and implements a reverse analysis system for industrial control protocols. The system encapsulates a reverse analysis algorithm for industrial control protocols that aims to infer the specifications of proprietary protocols more accurately. The main contributions of this thesis are as follows. First, a reverse analysis algorithm for industrial control protocols based on association rule mining and sequence alignment is proposed. In the protocol format feature extraction stage, the algorithm both speeds up this stage and quickly mines the key features of the protocol format. Second, in the format extraction stage, the algorithm improves the accuracy with which protocol field boundaries are identified. Third, this thesis improves the FD (format distinguisher) semantic field recognition algorithm of Discoverer so that FD fields are located and identified more accurately. On the basis of this algorithm, a system for the reverse analysis of industrial control protocols is designed. The system captures industrial control traffic into pcap files for reverse analysis and can analyze different pcap files in multiple tasks. After a task completes, the inferred message structure can be displayed and stored as an XML file. Finally, the system can generate a task analysis report as a Word document that users can download.
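The following Python script is an added illustration of the kind of traffic-only inference the abstract describes; it is not the thesis's algorithm or system, and nothing in it is taken from the thesis. It assumes a constructed toy protocol (2-byte magic, function code, payload length, payload, 2-byte trailer) and six hand-made messages. It mines constant-field candidates from per-offset value support (a support-threshold step in the spirit of association rule mining), aligns every message against the longest one with Needleman-Wunsch to cut the reference into constant and variable segments, checks for a length field, and applies a simplified Discoverer-style format distinguisher (FD) test in which message length stands in for the token pattern of the rest of the message. All names, scoring parameters, thresholds and sample bytes are assumptions made for the example.

```python
"""Toy traffic-only protocol format inference (added example, not the thesis's
algorithm or system): per-offset frequent-value mining, Needleman-Wunsch
alignment, a length-field check and a simplified Discoverer-style FD check."""
from collections import Counter, defaultdict

# Constructed sample traffic for a hypothetical request protocol (assumption):
#   bytes 0-1 magic 5A A5 | byte 2 function code | byte 3 payload length |
#   payload (2 bytes for function 0x01, 4 bytes for 0x02) | trailer 0D 0A
MESSAGES = [
    bytes.fromhex("5AA5 01 02 0010 0D0A"),
    bytes.fromhex("5AA5 01 02 1020 0D0A"),
    bytes.fromhex("5AA5 01 02 2030 0D0A"),
    bytes.fromhex("5AA5 02 04 0010 00FF 0D0A"),
    bytes.fromhex("5AA5 02 04 1020 1234 0D0A"),
    bytes.fromhex("5AA5 02 04 3040 0001 0D0A"),
]

def constant_offsets(msgs, min_support=0.9):
    """Frequent-value mining per offset: an offset is a constant-field candidate
    when one byte value reaches min_support; only offsets present in every message."""
    found = {}
    for off in range(min(len(m) for m in msgs)):
        value, count = Counter(m[off] for m in msgs).most_common(1)[0]
        if count / len(msgs) >= min_support:
            found[off] = value
    return found

def align(a, b, match=2, mismatch=-1, gap=-2):
    """Needleman-Wunsch global alignment of two byte strings. Returns a list of
    (byte_of_a, byte_of_b) columns; None marks a gap."""
    n, m = len(a), len(b)
    s = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        s[i][0] = i * gap
    for j in range(m + 1):
        s[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = match if a[i - 1] == b[j - 1] else mismatch
            s[i][j] = max(s[i - 1][j - 1] + sub, s[i - 1][j] + gap, s[i][j - 1] + gap)
    cols, i, j = [], n, m
    while i or j:  # traceback; diagonal moves are preferred on ties
        sub = match if i and j and a[i - 1] == b[j - 1] else mismatch
        if i and j and s[i][j] == s[i - 1][j - 1] + sub:
            cols.append((a[i - 1], b[j - 1]))
            i, j = i - 1, j - 1
        elif i and s[i][j] == s[i - 1][j] + gap:
            cols.append((a[i - 1], None))
            i -= 1
        else:
            cols.append((None, b[j - 1]))
            j -= 1
    return cols[::-1]

def segments(msgs):
    """Align each message to the longest one; label each reference offset C (same
    byte in every message) or V (differs from or missing in some message) and
    return the runs as [(start, end, label)]."""
    ref = max(msgs, key=len)
    labels = ["C"] * len(ref)
    for msg in msgs:
        pos = 0
        for byte_m, byte_r in align(msg, ref):
            if byte_r is None:  # byte present only in msg: no reference offset
                continue
            if byte_m != byte_r:
                labels[pos] = "V"
            pos += 1
    runs, start = [], 0
    for pos in range(1, len(labels) + 1):
        if pos == len(labels) or labels[pos] != labels[start]:
            runs.append((start, pos, labels[start]))
            start = pos
    return runs

def length_field(msgs):
    """Return (offset, k) if msg[offset] + k == len(msg) for every message with one fixed k."""
    for off in range(min(len(m) for m in msgs)):
        k = len(msgs[0]) - msgs[0][off]
        if all(m[off] + k == len(m) for m in msgs):
            return off, k
    return None

def fd_candidates(msgs, min_support=2):
    """Simplified Discoverer-style FD test: split messages by the byte at an offset;
    it is a format distinguisher when there are >= 2 groups of >= min_support
    messages, each uniform in the format of the remainder (approximated here by
    message length) and at least two groups differ in that format."""
    out = []
    for off in range(min(len(m) for m in msgs)):
        formats, sizes = defaultdict(set), Counter()
        for m in msgs:
            formats[m[off]].add(len(m))
            sizes[m[off]] += 1
        if (len(formats) >= 2 and min(sizes.values()) >= min_support
                and all(len(f) == 1 for f in formats.values())
                and len(set().union(*formats.values())) >= 2):
            out.append(off)
    return out

if __name__ == "__main__":
    print("constant offsets:", constant_offsets(MESSAGES))
    print("segments:", segments(MESSAGES))
    print("length field:", length_field(MESSAGES))
    print("FD candidates:", fd_candidates(MESSAGES))
```

On the constructed traffic, per-offset mining finds only the magic bytes because the trailer shifts with the payload length, while the alignment step recovers the trailer as a second constant segment; the variable region in between is split further by the length-field check (offset 3 plus a constant of 6) and the FD test (offsets 2 and 3). The FD test flags the length byte as well as the function code, which is why a length check is run alongside it, and without the `min_support` threshold the overlap of payload bytes with trailer bytes at fixed offsets 6 and 7 would produce spurious FD fields, the kind of false positive the abstract says the thesis sets out to reduce.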