Dianzi Jishu Yingyong (Apr 2018)
Research on non-standard industrial control protocol formats reverse
Abstract
Correct non-standard protocol format recognition is the foundation of protocol security analysis, which is an important part of industrial control system(ICS) information security content. Due to current situation of ICS and protocol features of structure determination, transmission repeat and semantic limited, a method based on net-trace is proposed. The formats of protocol are gotten by single message processing for a preliminary clustering, packet processing for sequence alignment, key fields to infer semantics. Verification results show that the method can reverse recognition non-standard ICS protocol format.
Keywords
