
Research On Private Industrial Control Protocol Format Analysis Method Based On Field Feature Clustering Method

Posted on: 2022-05-24
Degree: Master
Type: Thesis
Country: China
Candidate: R Zhao
GTID: 2518306344489264
Subject: Computer technology
Abstract/Summary:
Internet technologies have developed rapidly in recent years, and industrial control systems have been continuously integrated with traditional network systems with the help of these technologies. As the carrier for information exchange between industrial control systems and other network systems, industrial control protocols are receiving more attention with respect to their security. Industrial control protocols were initially used mainly in stand-alone industrial control systems. Because integration with traditional network systems was not considered, these protocols were not designed to take into account the security threats that already existed in traditional networks.

The format information of public industrial control protocols is publicly available, and researchers can therefore perform effective security analysis of them. However, there are a large number of private industrial control protocols whose format information is known only to the vendors that designed them, and without that information researchers have no way to conduct effective security analysis. At the same time, private industrial control protocols are themselves not well designed and contain more security vulnerabilities. With the continuous integration of industrial control systems and traditional network systems, the security problems in private industrial control protocols expose industrial control systems to serious security threats. Researchers who want to perform effective security analysis of a private industrial control protocol must know its exact format, so there is an urgent need for an automated method that can accurately analyze the format of private industrial control protocols.

This paper focuses on the shortcomings of two existing methods for analyzing industrial control protocols, and the study consists of two main parts. The first addresses the drawback of the field type-based format analysis method, in which field characteristics are summarized subjectively by humans: a Long Short-Term Memory Fully Convolutional Network (LSTM-FCN) model is used to identify the field types of private industrial control protocols, and the fields are then fused with manual analysis to obtain the protocol format. The second addresses the problem of non-key segments interfering with the clustering distance calculation in the clustering-based analysis method: it proposes performing hierarchical clustering based on specific private industrial control protocol fields and then extracting the protocol format. Details are as follows:

1. The LSTM-FCN model is applied to the analysis of private industrial control protocol formats, replacing the traditional method of manually observing and summarizing protocol field types. This minimizes the influence of human factors on the identification of field types and makes the identification of private industrial control protocol field types more accurate and credible. Then, with the field types inferred by the LSTM-FCN model, the private industrial control protocol format is inferred by combining the characteristics of existing protocol formats.

2. The second part builds on the field types identified by the LSTM-FCN model in the previous part and uses automated analysis methods for the private industrial control protocol format inference stage. The main innovation of this part is that, instead of calculating distance over all protocol fields as in the traditional method, only the several specific fields that determine the protocol packet class are used for the distance calculation. The optimal clusters are then determined by using hierarchical clustering and the CH coefficient, and the comparison result of each cluster is obtained by using a sequence comparison method that preserves field position information. Finally, the private industrial control protocol format is extracted from all clusters together.

The experimental results show that the method can minimize the influence of human factors in the task of private industrial control protocol field type identification, while the use of specific fields for distance calculation allows the method to achieve the same analysis effect as the traditional method with less data.
Keywords/Search Tags: LSTM-FCN, Private Industrial Control Protocol, Protocol format analysis, Hierarchical clustering
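
The clustering step described in part 2 can be sketched as follows. This is an added example, not code from the thesis: the frame layout (function code at byte 0, length at byte 1), the Euclidean distance over key-field byte values, the average linkage, and the reading of "CH coefficient" as the Calinski-Harabasz index are all assumptions, and the frames are constructed sample data.

```python
from itertools import combinations
from math import dist

KEY_OFFSETS = (0, 1)  # assumed key fields: function code, length byte

def make_frame(func, length):
    # Constructed frame of a hypothetical protocol: func, length, payload.
    return bytes([func, length]) + bytes(range(length))

# Constructed capture: three message classes, three frames each.
FRAMES = [make_frame(f, n)
          for f, lens in ((0x01, (4, 5, 6)), (0x10, (8, 9, 10)), (0x20, (20, 21, 22)))
          for n in lens]

def centroid(vectors):
    return tuple(sum(col) / len(vectors) for col in zip(*vectors))

def linkage_levels(points):
    """Average-linkage agglomeration; returns {k: clusters of point indices}."""
    clusters = [[i] for i in range(len(points))]
    levels = {len(clusters): [c[:] for c in clusters]}
    def avg(a, b):
        return sum(dist(points[i], points[j]) for i in a for j in b) / (len(a) * len(b))
    while len(clusters) > 1:
        a, b = min(combinations(range(len(clusters)), 2),
                   key=lambda p: avg(clusters[p[0]], clusters[p[1]]))
        clusters[a] = clusters[a] + clusters[b]  # merge the closest pair
        del clusters[b]
        levels[len(clusters)] = [c[:] for c in clusters]
    return levels

def ch_index(points, clusters):
    """Calinski-Harabasz: between-cluster over within-cluster dispersion."""
    n, k = len(points), len(clusters)
    overall, between, within = centroid(points), 0.0, 0.0
    for c in clusters:
        members = [points[i] for i in c]
        cen = centroid(members)
        between += len(members) * dist(cen, overall) ** 2
        within += sum(dist(p, cen) ** 2 for p in members)
    if within == 0:  # every cluster is a single repeated point
        return float("inf")
    return (between / (k - 1)) / (within / (n - k))

def cluster_frames(frames, offsets=KEY_OFFSETS):
    # Distance uses only the key-field bytes, never the payload.
    points = [tuple(float(f[o]) for o in offsets) for f in frames]
    levels = linkage_levels(points)
    scores = {k: ch_index(points, levels[k]) for k in range(2, len(points))}
    best = max(scores, key=scores.get)
    return best, sorted(sorted(c) for c in levels[best])

if __name__ == "__main__":
    print(cluster_frames(FRAMES))
```

Each resulting cluster would then be passed to the position-preserving sequence comparison step, which is not shown here.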