Abstract
Private protocols have come into wide use in industrial control networks in recent years, which poses many challenges for security research. This paper proposes an autonomous learning method for private protocols based on hidden Markov models (HMM), which obtains a finite state machine model of a private protocol's message structure from traffic data alone. To address the drawback that the Baum-Welch algorithm requires prior knowledge, the CAPP algorithm is designed, based on the idea of the causal-state splitting reconstruction (CSSR) algorithm, to solve for the ε-machine model of the private protocol's message structure. This avoids local optima and the parameter selection problem that arises from the lack of prior knowledge. The validity of the method is verified experimentally on the public protocols FTP and Modbus TCP and on the private protocol WDB RPC. Finally, directions for further research are discussed.
Source
《计算机应用研究》
CSCD
Peking University Core Journals
2017, Issue 12, pp. 3779-3783 (5 pages)
Application Research of Computers
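Funding
National Natural Science Foundation of China, Young Scientists Fund project (61403397)
Natural Science Basic Research Plan of Shaanxi Province project (2015JM6313)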