Unlock instant, AI-driven research and patent intelligence for your innovation.

A method and device for in-depth identification of GE private protocol

A proprietary protocol and identification method technology, applied in the field of GE proprietary protocol in-depth identification methods and devices, can solve the problems of identification only based on ports, the protocol cannot be identified, and no source is provided.

Active Publication Date: 2022-05-20
北京惠而特科技有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] At present, the industry's private protocol identification for GE (Industrial Ethernet) is only based on ports or cannot be identified
The whole process controls the PLC through the PC computer side, and bypasses the deployment of protocol audit equipment; the port recognizes the GE protocol or only recognizes the TCP / IP protocol and the port number. The protocol itself has very few public resources, and the protocol itself is only understood through the interface operation protocol. Unidentifiable by audit
That is, the content of GE’s private protocol cannot be recognized; the key value of the PLC protocol through the PC computer terminal cannot be recognized; when a hacker intrudes on the PC computer terminal to operate the PLC and a malicious incident occurs, there is no ability to provide source information; for misoperation, malicious operation of the PLC behavior Auditing is not possible, only session records from source IP to destination IP can be recorded

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for in-depth identification of GE private protocol
  • A method and device for in-depth identification of GE private protocol
  • A method and device for in-depth identification of GE private protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] see figure 1 , figure 2 and image 3 , Embodiment 1 of the present invention provides a GE private protocol depth identification method, comprising the following steps:

[0038] S1, identifying the protocol type of GE and PLC port communication, the protocol type includes public protocol and private protocol;

[0039] S2. When the protocol type of the GE and PLC port communication is identified as a public protocol, according to the type of the public protocol, a corresponding identification engine is used for data processing;

[0040] S3. When the protocol type of the GE and PLC port communication is identified as a private protocol, the GE and PLC communication is performed in the sandbox virtual environment, and the private protocol action is restored through the message reverse algorithm after the communication flow is mirrored;

[0041] S4. Simulate and verify the restored private protocol actions, put the verified private protocol actions into the industrial p...

Embodiment 2

[0065] see Figure 4 , Embodiment 2 of the present invention provides a GE private protocol depth identification device, using the GE private protocol depth identification method of Embodiment 1 or any possible implementation thereof, including:

[0066] The protocol type identification module 1 is used to identify the protocol type of GE and PLC port communication, and the protocol type includes public protocol and private protocol;

[0067] Public protocol data processing module 2, for when the protocol type of said GE and PLC port communication is identified as a public protocol, according to the type of said public protocol, a corresponding identification engine is used to process data;

[0068] The private protocol action restoration module 3 is used to perform GE and PLC communication in the sandbox virtual environment when the protocol type of the GE and PLC port communication is identified as a private protocol, mirroring the communication traffic and performi...

Embodiment 3

[0073] Embodiment 3 of the present invention provides a computer-readable storage medium, the computer-readable storage medium stores the program code of the GE proprietary protocol depth identification method, and the program code includes the program code used to implement Embodiment 1 or any possible implementation thereof Instructions for the GE proprietary protocol depth identification method.

[0074] The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server, a data center, etc. integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a solid state disk (SolidStateDisk, SSD)) and the like.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method and device for in-depth identification of GE private protocol, identifying the protocol type of communication between GE and PLC port, when the protocol type of communication between GE and PLC port is identified as a public protocol, according to the type of public protocol, a corresponding identification engine is used to perform data processing Processing; when the protocol type of communication between GE and PLC ports is identified as a private protocol, the communication between GE and PLC is carried out in the sandbox virtual environment, and the communication flow is mirrored, and the private protocol action is restored through the message reverse algorithm; the restored private Protocol actions are simulated and verified, and the verified private protocol actions are put into the industrial protocol identification engine library, and instruction identification rules are established at the same time. The present invention allows the management to intuitively see the protocol interaction process; sees the time, IP source, and cause of the danger when danger occurs, and can give an alarm in time; can identify the method of interaction between GE and PLC, and completely analyze the behavior of the PLC.

Description

technical field [0001] The invention relates to the technical field of communication protocol processing, in particular to a method and device for in-depth identification of GE private protocols. Background technique [0002] Since the first PLC was successfully applied on the GM automobile production line for the first time, PLC has been widely used due to its convenience, reliability and low price. But PLC is a black box, and cannot observe the control process intuitively in real time. The development and popularization of computer technology has provided new technical means for PLC. The control process and results of PLC can be monitored through computers, but the communication media and communication protocols of PLC are different. [0003] At present, the industry's identification of GE (Industrial Ethernet) private protocols is only based on ports or cannot be identified. The whole process controls the PLC through the PC computer side, and bypasses the deployment of ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L69/18H04L67/1095
CPCH04L69/18H04L67/1095Y02P90/02
Inventor 李生晶谭曙光
Owner 北京惠而特科技有限公司