基于状态机子图同构匹配的私有工控协议溯源

Traceability of Private Industrial Control Protocol Based on Subgraph Isomorphic Matching of Protocol State Machine

下载PDF

导出

摘要在对工业互联网设备私有工控协议进行安全分析时,溯源其采用的工控网络协议标准十分困难。文章提出一种基于状态机子图同构匹配的私有工控协议溯源方法,可快速匹配私有工控协议所采用的工控网络协议标准。该方法首先对私有工控协议流量数据进行逆向解析,通过聚类算法提取消息格式和关键字段,根据关键字段构造增广前缀树(Augmented Prefix Tree Acceptor,APTA),推断出协议状态机图;然后采用子图同构匹配算法将该状态机图与工控协议标准状态机图进行子图匹配,解决流量数据有限导致生成状态机图不完整的问题。实验结果表明,该方法溯源准确率在95%以上,可快速定位私有协议采用的工控网络协议标准,从而为进一步的安全分析提供帮助。 In the security analysis of private industrial control protocol of industrial equipment,it becomes very difficult to trace the industrial control network protocol standard.This paper proposes a traceability method of private industrial control protocol based on subgraph isomorphic matching of state machine,which can quickly match the industrial control network protocol standard adopted by private industrial control protocol.In this method,the traffic data of private industrial control protocol is reverse-parsed,the message format and key fields are extracted by clustering algorithm,and the protocol state machine graph is deduced by constructing an augmented prefix tree acceptor based on the key fields.In order to solve the problem of incomplete state machine graph generated by limited traffic data,the state machine graph is matched with the standard state machine graph of industrial control protocol by using the subgraph isomorphism matching algorithm.Experiments show that the traceability accuracy of the proposed method is more than 95%,which can quickly locate the industrial control network protocol standard adopted by private protocol,thus providing help for further security analysis.

作者宋宇波陈烨蔡义涵张波 SONG Yubo;CHEN Ye;CAI Yihan;ZHANG Bo(School of Cyber Science and Engineering,Southeast University,Nanjing 211189,China;Jiangsu Key Laboratory ofComputer Networking Technology,Nanjing 211189,China;Network Communication and Security Purple MountainLaboratory,Nanjing 211189,China;Global Energy Interconnection Research Institute Co.,Ltd.,Nanjing 210003,China)

机构地区东南大学网络空间安全学院江苏省计算机网络技术重点实验室网络通信与安全紫金山实验室国网智能电网研究院有限公司

出处《信息网络安全》 CSCD 北大核心 2022年第9期1-10,共10页 Netinfo Security

基金国家自然科学基金[61601113]。

关键词工控协议协议逆向工程状态机比对子图同构 industrial control protocol protocol reverse engineering state machine comparison subgraph isomorphism

分类号 TP309 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

1刘炜,张聪,佘维,宋轩,田钊.基于Merkle山脉的数据可信溯源方法[J].计算机应用,2022,42(9):2765-2771.
2王跃,武茂浦,刘鑫宇,邢卫强,陈端迎.船舶工控网络安全态势监测预警关键技术研究[J].科技和产业,2022,22(9):330-334. 被引量：4
3龚文浩,陈永军,郑晓忠,赵思华.基于LoRa的远距离无线监测技术研究[J].仪器仪表与分析监测,2022(3):12-16. 被引量：10
4刘晓,陈璟,王子祥.用于成对PPI网络比对的分治与整合算法[J].智能系统学报,2022,17(5):960-968. 被引量：1
5吴生文,韩贤凤,谢兰.新能源汽车实时监控系统在燃料电池汽车领域的应用[J].汽车知识,2022,22(10):58-60.
6李良,刘金龙,付伟,谢振杰.基于钩子技术的终端安全监管系统设计与实现[J].计算机科学与应用,2022,12(8):1887-1894. 被引量：1
7储苏红,刘磊.POF协议解析器[J].计算机与现代化,2022(9):93-98.
8Qiaonan Chen,Yung Hee Han,Leandro R.Franco,Cleber F.N.Marchiori,Zewdneh Genene,CMoyses Araujo,Jin-Woo Lee,Tan Ngoc-Lan Phan,Jingnan Wu,Donghong Yu,Dong Jun Kim,Taek-Soo Kim,Lintao Hou,Bumjoon J.Kim,Ergang Wang.Effects of Flexible Conjugation-Break Spacers of Non-Conjugated Polymer Acceptors on Photovoltaic and Mechanical Properties of All-Polymer Solar Cells[J].Nano-Micro Letters,2022,14(10):164-177. 被引量：3
9YAN Wenjing,ZHANG Baoyu,ZUO Min,ZHANG Qingchuan,WANG Hong,MAO Da.AttentionSplice:An Interpretable Multi-Head Self-Attention Based Hybrid Deep Learning Model in Splice Site Prediction[J].Chinese Journal of Electronics,2022,31(5):870-887.
10Hong Yin,Long Zhang,Xiangsong Ye.Nonlinear Shock Effect of China’s Fiscal Policy on Total Factor Productivity-Based on the Dual Perspective of Aggregate and Structure[J].China Finance and Economic Review,2021,10(4):77-95.

信息网络安全

2022年第9期

浏览历史

内容加载中请稍等...

基于状态机子图同构匹配的私有工控协议溯源

相关作者

相关机构

相关主题

浏览历史