Abstract
Protocol security is an important part of industrial control system (ICS) information security, and correctly identifying the format of non-standard protocols is the foundation of protocol security analysis. Based on the current state of the ICS industry and on the characteristics of ICS protocols (fixed structure, repetitive transmission, and limited semantics), a method based on network traffic (net-trace) is proposed for reverse identification of non-standard ICS protocols. Single-message processing performs preliminary tokenization and clustering, multi-message processing performs message sequence alignment, and key fields are used to infer semantics, which finally yields the protocol format. Verification results show that the method identifies non-standard ICS protocol formats well.
Authors
程必成
刘仁辉
赵云飞
许凤凯
Cheng Bicheng; Liu Renhui; Zhao Yunfei; Xu Fengkai (National Engineering Laboratory for Industrial Control System Information Security Technology, National Computer System Engineering Research Institute of China, Beijing 100083, China)
Source
《电子技术应用》
2018, Issue 4, pp. 126-129 (4 pages)
Application of Electronic Technique
Keywords
non-standard industrial control protocol
protocol reverse engineering
network traffic (net-trace)
sequence alignment
semantic inference