Industrial control protocol reverse analysis method based on active learning

This reverse-analysis and active-learning technique, applied in machine learning, special data processing applications, instruments, etc., addresses the problem that analysis results are inaccurate and incomplete when the samples cannot cover the protocol's message formats and state machine. It claims a scientific and reasonable structure, safe and convenient use, and improved accuracy and coverage.

Pending Publication Date: 2020-09-29
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT +1

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a method for reverse analysis of industrial control protocols based on active learning. It effectively solves the problem, raised in the background section, that with traditional processing methods the available samples of an industrial control protocol often cannot cover all of the protocol's message formats and state machines, which makes the analysis results inaccurate and incomplete.


Examples


Embodiment

[0025] Example: as shown in Figure 1, a reverse analysis method for industrial control protocols based on active learning includes the following steps:

[0026] S1. Import: import the message data from the pcap file and load all of it into the message data set OriginalSet;

[0027] S2. Preliminary analysis: run the reverse-analysis algorithm on the messages in the message data set OriginalSet to obtain a preliminary industrial control protocol format and state machine;

[0028] S3. Variation: according to the preliminary analysis results, mutate the function code field in the protocol format to generate new messages;

[0029] S4. Matching: through interactive active learning, match each response message against the protocol formats in the preliminary analysis result; screen out the messages that do not match any existing protocol format and add them to the message data set NewSet;

[0030] S5. Merge: perform reverse analysis on the active...


Abstract

The invention discloses an industrial control protocol reverse analysis method based on active learning. The method comprises the steps of importing, preliminary analysis, variation, matching and merging. A pcap message sample of the industrial control protocol is first subjected to preliminary analysis, which yields a partial message format and state machine of the protocol. The result is then used for interactive active learning with the industrial personal computer to continuously obtain new messages, so that the protocol's lexical rules and grammar can be deduced more accurately and completely. A Needleman-Wunsch sequence alignment algorithm is used for the reverse analysis of the protocol; it deduces the format and state machine of the protocol through similarity scoring and optimal backtracking steps, which effectively guarantees the accuracy of the analysis result. In combination with the active learning process, each response message is matched against the protocol formats in the preliminary analysis result to determine whether it fits them, and the matching is repeated as needed, so that the accuracy and coverage of the reverse analysis of the industrial control protocol are substantially improved.
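The alignment and matching steps named in the abstract can be illustrated offline. The following is an added example, not code from the patent: the scoring values, the helper names `infer_format`, `matches` and `screen`, the fixed-length positional match, and the sample bytes (a constructed, hypothetical protocol) are all assumptions.

```python
MATCH, MISMATCH, GAP = 1, -1, -2  # assumed scores; the page gives none

def needleman_wunsch(a: bytes, b: bytes):
    """Globally align two messages; returns (score, row_a, row_b), None = gap."""
    n, m = len(a), len(b)
    sub = lambda i, j: MATCH if a[i - 1] == b[j - 1] else MISMATCH
    # Similarity scoring: fill the (n+1) x (m+1) dynamic-programming matrix.
    s = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        s[i][0] = i * GAP
    for j in range(1, m + 1):
        s[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s[i][j] = max(s[i-1][j-1] + sub(i, j), s[i-1][j] + GAP, s[i][j-1] + GAP)
    # Optimal backtracking: walk from the bottom-right cell back to the origin.
    row_a, row_b, i, j = [], [], n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0 and s[i][j] == s[i-1][j-1] + sub(i, j):
            row_a.append(a[i-1]); row_b.append(b[j-1]); i, j = i - 1, j - 1
        elif i > 0 and s[i][j] == s[i-1][j] + GAP:
            row_a.append(a[i-1]); row_b.append(None); i -= 1
        else:
            row_a.append(None); row_b.append(b[j-1]); j -= 1
    return s[n][m], row_a[::-1], row_b[::-1]

def infer_format(a: bytes, b: bytes):
    """Aligned columns that agree are constant bytes; the rest are variable (None)."""
    _, row_a, row_b = needleman_wunsch(a, b)
    return [x if x == y else None for x, y in zip(row_a, row_b)]

def matches(fmt, msg: bytes) -> bool:
    """Positional check against an inferred format (fixed length assumed)."""
    return len(fmt) == len(msg) and all(f is None or f == c for f, c in zip(fmt, msg))

def screen(fmt, responses):
    """Matching step: responses that fit no known format are collected for NewSet."""
    return [r for r in responses if not matches(fmt, r)]

# Constructed samples for a hypothetical protocol (not real captures).
ORIGINAL_SET = [bytes.fromhex("0001030000000a"), bytes.fromhex("0002030010000a")]
RESPONSES = [bytes.fromhex("0007030022000a"), bytes.fromhex("00031000200001")]
FORMAT = infer_format(*ORIGINAL_SET)
NEW_SET = screen(FORMAT, RESPONSES)

if __name__ == "__main__":
    print(FORMAT, [r.hex() for r in NEW_SET])
```

With only two samples, bytes that happen to be equal in both are inferred as constants, which is the coverage gap the method's later steps are meant to close.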

Description

Technical field

[0001] The invention relates to the technical field of protocol format analysis, in particular to a method for reverse analysis of industrial control protocols based on active learning.

Background technique

[0002] An industrial control system (ICS) is an automatic control system composed of computer equipment and industrial process control components. It is widely used in electric power, water treatment, oil and gas, the chemical industry, transportation, manufacturing and other industries. With networking and informatization, more and more industrial control devices are connected to the network, which is convenient to use but also brings great security risks. In order to eliminate these security risks, it is necessary to adopt the protocol reverse analysis method combined with fuzz testing and other technologies to detect industrial control protocols, so as to dig out whether there are security loopholes in industrial control proto...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/33, G06N20/00
CPC: G06F16/3331, G06N20/00
Inventor: 张晓明, 何跃鹰, 孙中豪, 张嘉玮, 曹可建, 王占丰, 马玮骏, 毛传奇
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT