Abstract
Industrial control systems (ICS) are becoming more robust and intelligent, owing to the development of industrial networking technology. At the same time, security issues arise and pose great challenges. Among these issues, the security of ICS protocols has received attention from both academia and industry in recent years. Because industrial protocols are closed and proprietary, it is difficult to analyze and protect them. To address this issue, we propose a novel protocol analysis framework for ICS protocols, named ICS-PAS. ICS-PAF can differentiate unknown protocols and their command types, extract the protocol format, and recognize the data types of protocol payloads. In addition, ICS-PAF can infer and model the state transitions of ICS protocols. ICS-PAS requires no prior knowledge and can handle binary protocols. We also conduct comprehensive experiments to verify the performance of ICS-PAS. The results show that ICS-PAS outperforms traditional approaches in terms of recognition accuracy and efficiency.
Acknowledgement
The authors gratefully acknowledge the anonymous reviewers for their helpful suggestions.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Wang, J., Zhou, L., Lu, X., Ying, H., Wang, H. (2018). Towards a Novel Protocol Analysis Framework for Industrial Control Systems. In: Qiu, M. (eds) Smart Computing and Communication. SmartCom 2017. Lecture Notes in Computer Science, vol 10699. Springer, Cham. https://doi.org/10.1007/978-3-319-73830-7_44
DOI: https://doi.org/10.1007/978-3-319-73830-7_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73829-1
Online ISBN: 978-3-319-73830-7
eBook Packages: Computer Science, Computer Science (R0)