A Data-driven Approach for Reverse Engineering Electric Power Protocols

Journal of Signal Processing Systems

Abstract

Electric power protocols are a typical kind of industrial protocol and are widely used in electric power systems. Since most electric power protocols are private and have no public protocol specification, security analysis and vulnerability discovery for them pose a great challenge. Protocol reverse engineering makes it possible to analyze unknown or private protocols. However, previous reverse engineering methods proposed for analyzing private protocols are not suitable for reverse engineering electric power protocols, because electric power protocols have many unique features and more compact structures. To address this issue, we present a novel data-driven approach to infer the fields of electric power protocols. The approach leverages a clustering technique to reverse-engineer the structure information of electric power protocols, and a new metric is proposed to measure the distance between adjacent fields and merge fields recurrently. We use Precision, Recall and F1-measure as the evaluation metrics. Results show that our methods can correctly infer most protocol fields of three commonly used electric power protocols. We also compare our approach with some state-of-the-art approaches, and results show that our approach performs better.


Corresponding author

Correspondence to Ouyang Liu.

Cite this article

Liu, O., Zheng, B., Sun, W. et al. A Data-driven Approach for Reverse Engineering Electric Power Protocols. J Sign Process Syst 93, 769–777 (2021). https://doi.org/10.1007/s11265-021-01657-z

  • DOI: https://doi.org/10.1007/s11265-021-01657-z
