Professor
Supervisor of Doctorate Candidates
Supervisor of Master's Candidates
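Administrative Position:Director of the Engineering Research Center of Security Assurance Technology for Complex Network Systems, Ministry of Education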
Education Level:With Certificate of Graduation for Doctorate Study
Gender:Male
Contact Information:yaoyu@mail.neu.edu.cn
Degree:Doctorate
Alma Mater:Northeastern University
Discipline:Computer Applications Technology
Computer Software and Theory
Computer Architecture
Academic Honor:
2013 Excellent Talents of the Ministry of Education in the New Century
Journal:IEEE Transactions on Dependable and Secure Computing
Impact Factor:7.5
Abstract:Industrial control protocols (ICPs) play a significant role in ensuring dependable interconnection among devices in industrial environments. Protocol reverse engineering (PRE) techniques are commonly used to analyze a large number of agnostic and proprietary protocols based on network traffic traces or programs. However, conventional PRE methods face several challenges in reversing ICPs with complex data representations that contain rich structural features. In this work, we present a new perspective on message representation using the graph, and design a syntax inference framework for ICPs reverse analysis (InSyfer). Specifically, we propose a novel method to construct a single message graph for entire traces, automatically extracting syntactical similarity features. We also design an adaptive message clustering model that abstracts the clustering problem into a binary pairwise-classification framework to judge whether pairs of messages belong to the same groups and jointly optimizes it with feature extraction. The above design enables InSyfer to accurately identify message types and greatly improves the correctness of protocol format inference. We conduct extensive experiments to verify the effectiveness of InSyfer. Evaluations of four standard ICPs and two unknown protocols demonstrate that InSyfer outperforms the state-of-the-art PRE methods.
Key Words:Industrial control systems, message clustering, protocol reverse engineering, syntax analysis
Indexed by:SCI JCR Q1
Note:https://ieeexplore.ieee.org/document/11122642
Discipline:Engineering
Document Type:JCR Q1
First-Level Discipline:Computer Science and Technology
Translation or Not:no