Industrial control protocol field and semantic reverse inference method

Abstract

The invention discloses an industrial control protocol field and semantic reverse inference method. The method comprises the steps of importing, classifying, analyzing and matching. The structure is scientific and reasonable, safe and convenient use, messages are classified according to source IP addresses and lengths of the messages; classifying the messages with the same IP address and length into the same set; analyzing the messages of each type of sets byte by byte; and comparing the features of part of semantics with the features of bytes, wherein the bytes matched with the correspondingsemantics in the analyzed message are independent fields, and the semanteme of the field is the corresponding semanteme, so that the field and semanteme reverse inference of the industrial control protocol is realized, the problem of semantic analysis failure caused by inaccurate field division is solved, the lexical method and grammar of the protocol are accurately inferred, and the correctness of an analysis result is ensured.

Description

technical field [0001] The invention relates to the technical field of protocol format analysis, in particular to an industrial control protocol field and semantic reverse inference method. Background technique [0002] Industrial control system is an automatic control system composed of computer equipment and industrial process control components, widely used in electric power, water treatment, oil and gas, chemical industry, transportation, manufacturing and other industries. With the networking and informatization of industrial control systems, more and more industrial control devices are connected to the network, which brings great security risks while being convenient to use. In order to eliminate these security risks, it is necessary to use protocol reverse analysis Method, combined with fuzzy testing and other technologies to detect the industrial control protocol, so as to dig out whether there are security loopholes in the industrial control protocol. [0003] The ...

AI Technical Summary

Problems solved by technology

[0003] The reverse analysis of unknown industrial control protocols mainly adopts the analysis method based on network traffic. This method is relatively general. It only needs to import the communication samples of the industrial control protocol into the analysis system in the form of pcap, and then the format of the industrial control protocol can be obtained by reverse analysis. And the state machine, the traditional method is to divide the message into fields first, and then infer the semantics of the fields according to the characteristics of each data in the fields. This method will cause the semantic analysis to fail due to the inaccurate field division. Combining the division of fields and the identification of semantics to analyze the lexical and grammar of the message, especially the semantic fields such as sequence number, timestamp, length, and check code have obvious characteristics, and the message can be analyzed based on these field features. Content matching, so as to realize the optimization and improvement of the industrial control protocol analysis results, therefore, a method for reverse inference of industrial control protocol fields and semantics is needed to solve the problems existing in the existing technology

Images