• 发表刊物：IEEE Transactions on Dependable and Secure Computing
• 影响因子：7.5
• 摘要：Industrial control protocols (ICPs) play a significant role in ensuring dependable interconnection among devices in industrial environments. Protocol reverse engineering (PRE) techniques are commonly used to analyze a large number of agnostic and proprietary protocols based on network traffic traces or programs. However, conventional PRE methods face several challenges in reversing ICPs with complex data representations that contain rich structural features. In this work, we present a new perspective on message representation using the graph, and design a syntax inference framework for ICPs reverse analysis (InSyfer). Specifically, we propose a novel method to construct a single message graph for entire traces, automatically extracting syntactical similarity features. We also design an adaptive message clustering model that abstracts the clustering problem into a binary pairwise-classification framework to judge whether pairs of messages belong to the same groups and jointly optimizes it with feature extraction. The above design enables InSyfer to accurately identify message types and greatly improves the correctness of protocol format inference. We conduct extensive experiments to verify the effectiveness of InSyfer. Evaluations of four standard ICPs and two unknown protocols demonstrate that InSyfer outperforms the state-of-the-art PRE methods.
• 关键字：Industrial control systems, message clustering, protocol reverse engineering, syntax analysis
• 论文类型：SCI JCR Q1
• 备注：https://ieeexplore.ieee.org/document/11122642
• 学科门类：工学
• 文献类型：JCR 一区
• 一级学科：计算机科学与技术
• 是否译文：否