Industrial control protocol reverse analysis method based on active learning

Abstract

The invention discloses an industrial control protocol reverse analysis method based on active learning. The method comprises the steps of importing, preliminary analysis, variation, matching and merging. According to the method, an industrial control protocol pcap message sample is subjected to preliminary analysis; a partial message format and a state machine of an industrial control protocol are mastered;and then, interactive active learning is carried out with the industrial personal computer by utilizing the result to continuouslyobtain new messages, so that protocol individual lexical methods and grammars can be deduced more accurately and completely; a Needleman-Wunsch sequence alignment algorithm is adopted when reverse analysis is carried out on the protocol; according to the algorithm, a format and a state machine of a protocol are deduced through similarity scoring and optimal backtracking steps; the method is advantaged in that accuracy of the analysis result is effectivelyguaranteed, through combination with the active learning process, the response message is matched with the protocol formats in the preliminary analysis result, whether the message is matched with theprotocol formats is determined, repeated matching is carried out according to demands, and reverse accuracy and coverage of the industrial control protocol are substantially improved.

Description

technical field [0001] The invention relates to the technical field of protocol format analysis, in particular to a method for reverse analysis of industrial control protocols based on active learning. Background technique [0002] Industrial control system, referred to as industrial control system, is an automatic control system composed of computer equipment and industrial process control components. It is widely used in electric power, water treatment, oil and gas, chemical industry, transportation, manufacturing and other industries. Networking and informatization, more and more industrial control devices are connected to the network, which brings great security risks while being convenient to use. In order to eliminate these security risks, it is necessary to adopt the protocol reverse analysis method combined with fuzz testing and other technologies to detect industrial control protocols, so as to dig out whether there are security loopholes in industrial control proto...

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method for reverse analysis of industrial control protocols based on active learning, which can effectively solve the traditional processing method proposed in the background technology. The samples of industrial control protocols often cannot cover all the message formats and state machines of the protocol, resulting in the failure of the analysis results. Inaccurate and Incomplete Questions

Images