Sub-messages extraction for industrial control protocol reverse engineering

Liu，Yuhuan1,2; Zhang，Fengyun1,2; Ding，Yulong1,2; Jiang，Jie1,2; Yang，Shuang Hua1,3

2022-10-01

10.1016/j.comcom.2022.07.025

COMPUTER COMMUNICATIONS   Impact Factor & Quartile

0140-3664

1873-703X

The Industrial Internet of Things (IIoT) connects various industrial devices and processes for smart manufacturing purposes. The industrial devices and processes may employ standard or private communication protocols. Protocol Reverse Engineering (PRE) can infer the format of the unknown protocol by analyzing traffic traces. Existing work in the field mainly focuses on Internet protocol only, handling text messages. PRE for industrial control protocols is difficult and particularly designed for IIoT for real-time interconnection among industrial devices. Given the phenomenon that many consecutive sub-messages are often embedded in a lengthy message payload and have a similar format, a novel sub-messages extraction algorithm is proposed in this work by using template iteration as an intermediate step to form a full message format inference framework. An improved evaluation criterion is also proposed to evaluate the sub-messages extraction results. We carry out our algorithm on three standard industrial control protocols and two unknown protocols. Experiments show that adding our sub-messages extraction in PRE for IIoT can greatly improve the accuracy of the overall protocol format inference compared with the existing work.

Industrial control protocol Industrial Internet of Things Protocol message format Protocol reverse engineering

EI

English

First ; Corresponding

Department of Education of Guangdong Province[2019KZDZX1018];Science and Technology Planning Project of Guangdong Province[2021A0505030001];National Natural Science Foundation of China[61873119];National Natural Science Foundation of China[92067109];Shenzhen Science and Technology Innovation Program[ZDSYS20210623092007023];

20223112456635

Extraction ; Inference engines ; Internet protocols ; Iterative methods ; Reverse engineering

Data Communication, Equipment and Techniques:722.3 ; Computer Software, Data Handling and Applications:723 ; Expert Systems:723.4.1 ; Chemical Operations:802.3 ; Numerical Methods:921.6

COMPUTER SCIENCE

2-s2.0-85134887253

Scopus

1.Shenzhen Key Laboratory of Safety and Security for Next Generation of Industrial Internet,Southern University of Science and Technology,Shenzhen,China
2.Department of Computer Science and Engineering,Southern University of Science and Technology,Shenzhen,China
3.Department of Computer Science,University of Reading,Reading,United Kingdom

Liu，Yuhuan,Zhang，Fengyun,Ding，Yulong,et al. Sub-messages extraction for industrial control protocol reverse engineering[J]. COMPUTER COMMUNICATIONS,2022,194:1-14.

Liu，Yuhuan,Zhang，Fengyun,Ding，Yulong,Jiang，Jie,&Yang，Shuang Hua.(2022).Sub-messages extraction for industrial control protocol reverse engineering.COMPUTER COMMUNICATIONS,194,1-14.

Liu，Yuhuan,et al."Sub-messages extraction for industrial control protocol reverse engineering".COMPUTER COMMUNICATIONS 194(2022):1-14.