• 发表刊物：IEEE Transactions on Information Forensics and Security
• 影响因子：6.3
• 摘要：Reverse engineering of agnostic industrial control protocols (ICPs) based on traffic traces is significant for the security analysis of industrial control systems. Field semantics deduction is an essential step in protocol reverse engineering following the discovery of the message field. Most existing methods rely on knowledge-based analysis for specific fields of common protocols, which require too numerous assumptions and lack semantic knowledge about ICPs. In this paper, we propose a new concept, pattern series, and design the first classification framework for inferring the semantic types of unknown ICPs. Specifically, we first present the definition of pattern series and design the field pattern series generation algorithm for building training data, then develop a field semantics classification model to learn and apply semantic features from known protocols to predict semantic types in unknown protocols. Lastly, we implement a probability-maximizing selection algorithm to obtain optimal semantic types. We demonstrate the effectiveness of the proposed method through extensive experiments with five popular ICPs, including their mixed protocols. Evaluations show that our approach significantly outperforms baseline methods in field semantic recognition, achieving ≥90.8% F1-score.
• 关键字：Industrial control systems, protocol reverse engineering, field semantics analysis
• 论文类型：CCF A类期刊
• 备注：https://ieeexplore.ieee.org/document/11000284
• 文献类型：JCR 一区
• 是否译文：否