
Industrial control protocol grammar reverse analysis method under basic block granularity based on instrumentation

A reverse-analysis technique working at basic-block granularity, applied in software engineering design, program code conversion, instruments, etc., that addresses problems such as the time consumed by manual reversing, the inability to accurately divide field boundaries, and the multiplied difficulty of reversing binary protocols.

Pending Publication Date: 2021-06-04
ZHEJIANG UNIV +2

AI Technical Summary

Problems solved by technology

For researchers in the security field, this means that protocol format information has to be obtained through various methods, such as software reverse engineering and data comparison, a process that undoubtedly takes a lot of time.
In addition, industrial control protocols are usually binary protocols whose format is strictly specified and whose semantic information is hidden, which makes manually reversing the protocol even harder.
[0004] At present, automatic reverse methods for industrial control binary protocols use dynamic taint analysis to divide field boundaries at function granularity. Such a method fails to divide the field boundaries accurately when the protocol functions being analyzed are implemented with conditional branch statements rather than encapsulated in separate functions.


Embodiment Construction

[0046] The present invention will be described in further detail below in conjunction with the accompanying drawings and specific embodiments.

[0047] The basic structure of the present invention is as shown in figure 1. In the embodiment of the present invention, the binary executable program of the industrial control protocol under test is used as the input of the program instrumentation module. The instrumentation module is developed using Pin, and the callback functions at instruction, basic block and function granularity are customized in C++. The received industrial control protocol message data is used as the taint source, and taint propagation and program running context are recorded while the program runs dynamically. After the program has been started under Pin, the message to be analyzed is sent to the corresponding network port by a script, and the instrumentation module monitors and dynamically writes the program oper...


Abstract

The invention discloses an industrial control protocol grammar reverse analysis method at basic block granularity based on instrumentation. The method comprises the steps of: dynamically instrumenting a binary executable program of an industrial control protocol at instruction, basic block and function granularity; recording, during a dynamic taint analysis process, the taint propagation information at instruction and basic block granularity, the function granularity, and the logic judgment and jump information, and generating a program runtime log file; and running reordering and correlation analysis algorithms on the log file to recognize industrial control protocol field boundaries at basic block granularity. Compared with a field boundary recognition method at function granularity, the method obtains more program context information at basic block granularity, so that different fields processed within the same function are recognized, and the field boundary recognition precision is improved.
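The field-boundary step described in the abstract and in [0004], as an added illustration that is not part of the patent: a constructed taint log in an assumed format (function name, basic-block address, tainted message offsets) is grouped once by function and once by basic block, showing how the basic-block grouping separates two fields that a single function handles in different conditional branches. The log format, the function names and the addresses are assumptions, not the patent's own.

```python
from collections import OrderedDict

# Constructed sample log (format is an assumption, not the patent's):
#   <function> <basic-block address> <comma-separated tainted message offsets>
# Each record says which received-message bytes (the taint source) a basic
# block consumed during the Pin-instrumented run. parse_header handles two
# fields in two different basic blocks reached by conditional branches, with
# no separate function per field.
SAMPLE_LOG = """\
parse_header 0x401000 0,1
parse_header 0x401020 2,3
parse_body   0x401100 4,5,6,7
parse_body   0x401100 4,5,6,7
parse_body   0x401140 8
"""


def parse_log(text):
    """Parse the constructed log into (function, block, [offsets]) records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        func, block, offsets = line.split()
        records.append((func, block, sorted(int(o) for o in offsets.split(","))))
    return records


def field_boundaries(records, granularity):
    """Return sorted (first, last) byte ranges of the recovered fields.

    granularity == "function": all offsets touched inside one function form
    one field (the prior function-level approach criticised in [0004]).
    granularity == "basic_block": offsets are grouped per (function, block),
    the finer grouping the patent proposes.
    """
    touched = OrderedDict()
    for func, block, offsets in records:
        key = func if granularity == "function" else (func, block)
        touched.setdefault(key, set()).update(offsets)
    # Repeated executions of the same block collapse into one field; sort by
    # starting offset so the result reads as a message layout.
    return sorted((min(offs), max(offs)) for offs in touched.values())


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("function granularity   :", field_boundaries(recs, "function"))
    # -> [(0, 3), (4, 8)]  the two header fields are merged into one
    print("basic-block granularity:", field_boundaries(recs, "basic_block"))
    # -> [(0, 1), (2, 3), (4, 7), (8, 8)]
```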

Description

Technical field

[0001] The invention relates to the technical field of industrial communication network protocols and protocol reverse engineering, in particular to a reverse analysis method for industrial control protocol syntax at basic block granularity based on instrumentation.

Background technique

[0002] As an important part of the network topology of modern industrial control systems, industrial control protocols are of great significance in the research of industrial control system security. Security research on industrial control protocols can be roughly divided into two parts: research on the security of the protocol itself and security applications of the protocol. A hot topic in the former is fuzzing of the protocol implementation program: by presetting a certain protocol input format as a seed, the fuzzing tool generates different inputs to test the protocol implementation program for buffer vulnerabilities such as o...


Application Information

IPC(8): G06F8/41
CPC: G06F8/425
Inventor 程鹏谢一松汪慕峰刘可周劼英郭志民张伟剑吕卓
Owner ZHEJIANG UNIV