Design And Implementation Of Binary Protocol Analysis System For Industrial Internet

Posted on: 2022-09-06
Degree: Master
Type: Thesis
Country: China
Candidate: Y W Zhang
GTID: 2518306338968539
Subject: Computer technology

Abstract/Summary:
With the rapid development of the Internet, the industrial field has gradually begun to use the Internet for communication, that is, the Industrial Internet. Most of the protocols used by the Industrial Internet are undisclosed protocols formulated by the various manufacturers themselves. This protocol data cannot be analyzed by commonly used protocol tools, yet it may pose a threat to information security. Identifying and analyzing this protocol data as far as possible is therefore extremely important for protecting the information security of the Industrial Internet. Since the communication protocols used in the Industrial Internet are generally unknown binary protocols, unknown binary protocols in the Industrial Internet are the main data type analyzed in this thesis.

The analysis method in this thesis is divided into two steps. First, cluster analysis is performed on the unknown protocol data to classify it into clusters of single-protocol data; then format inference is performed on each single-protocol cluster, thereby inferring the likely format of the unknown Industrial Internet protocol. The main research contents of the thesis are as follows:

1) A clustering method is introduced to address the difficulty of classifying unknown protocols. First, the unknown protocol data set is preprocessed, and the binary data is converted into hexadecimal data to facilitate the subsequent clustering calculations; the improved algorithms designed in this thesis are then used to cluster the data. There are two algorithms; each has its pros and cons, and the choice between them depends on the actual situation.

2) For the improved K-Means algorithm, a result evaluation algorithm based on information entropy is designed. It is used to evaluate the quality of the clustering results and helps identify the optimal clustering algorithm.

3) For the clustered protocol clusters, a protocol identification algorithm based on the position and frequency of the bytes is designed. By counting the frequency of the bytes appearing at the same position within the same cluster, the likely protocol format of that cluster is inferred.

The data sets used are an Industrial Internet data set collected on the Internet and an Internet of Vehicles data set collected in the project. The results show that the improved clustering algorithm designed in this thesis can classify unknown protocol data more accurately, and that the format inference module obtains the data of each field of the protocol from the single-protocol cluster and infers the approximate format of the protocol, laying the foundation for the subsequent analysis of the meaning of each field.
Keywords/Search Tags:unknown protocol analysis, industrial Internet protocol, clustering algorithm, format inference
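
The position-and-frequency idea in item 3) can be sketched as follows. This is an added example, not the thesis's algorithm or code: the function names, the `const`/`enum`/`var` labels, the `enum_max` threshold and the sample messages are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: one cluster of hex-encoded messages (not from the thesis data sets).
SAMPLE_HEX = ["a55a01107f", "a55a022203", "a55a01359c",
              "a55a0347e1", "a55a025842", "a55a016bd0"]
CLUSTER = [bytes.fromhex(h) for h in SAMPLE_HEX]

def position_profile(messages):
    """Count byte values at each offset across one single-protocol cluster."""
    if not messages:
        return []
    width = min(len(m) for m in messages)  # only offsets present in every message
    total = len(messages)
    profile = []
    for pos in range(width):
        counts = Counter(m[pos] for m in messages)
        top_byte, top_count = counts.most_common(1)[0]
        profile.append({"pos": pos, "top": top_byte,
                        "freq": top_count / total, "distinct": len(counts)})
    return profile

def classify(stat, enum_max=3):
    """Label an offset; the enum_max threshold is an assumption of this example."""
    if stat["distinct"] == 1:
        return "const"   # same byte in every message: magic number, version
    if stat["distinct"] <= enum_max:
        return "enum"    # few values: likely a type or function code
    return "var"         # many values: counter, length, payload

def infer_fields(messages):
    """Merge adjacent offsets with the same label into (start, end, kind) fields."""
    fields = []
    for stat in position_profile(messages):
        kind = classify(stat)
        if fields and fields[-1][2] == kind:
            fields[-1] = (fields[-1][0], stat["pos"], kind)
        else:
            fields.append((stat["pos"], stat["pos"], kind))
    return fields

if __name__ == "__main__":
    for start, end, kind in infer_fields(CLUSTER):
        print(f"bytes {start}-{end}: {kind}")
```

The result is only as good as the clustering step before it: a cluster that mixes two protocols turns constant header bytes into apparent `enum` or `var` offsets.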