Industrial control systems (ICS) are widely used in industrial production and manufacturing. In recent years, attacks against industrial control systems have emerged one after another. Security research on industrial control protocols, such as fuzzing, intrusion detection and honeypot technology, requires the protocol message format as a prerequisite. However, most industrial control protocols are proprietary and their formats are not disclosed, which hinders the progress of security research. Effectively reverse engineering industrial control protocols is therefore of great significance for system security. This paper designs and implements an industrial control protocol reverse engineering system to address the problem that the message formats of proprietary protocols in industrial control systems are not disclosed. The main research contents of this paper are as follows. A taint propagation method for industrial control protocol reverse engineering is designed and implemented. The method uses dynamic symbolic execution to traverse the tree of conditional branches encountered during reverse engineering, and propagates taint through control-dependent statements (statements whose execution depends on a branch conditioned on tainted data) in addition to data-flow propagation. In the data-flow taint propagation stage, the propagation rules are refined for the big-endian byte order of industrial control binary protocols, in which a multi-byte field is assembled from individual message bytes, and for several other special cases. Experiments verify that the method solves the problem of insufficient taint propagation (under-tainting). Combined with this taint propagation strategy, a reverse engineering system for industrial control protocols is designed and implemented. The system treats the industrial control protocol message as the tainted data source and tracks the execution trace of the message through dynamic binary analysis; on this basis it identifies the field boundaries of the protocol and analyzes the semantics of each field. Users operate the system through a web interface, and the system presents the results visually.
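The two propagation points the abstract names (unioning operand taints when a big-endian field is assembled byte by byte, and carrying taint into statements that are control-dependent on a tainted branch) can be shown with a small byte-granular taint tracker. The example below is added here and is not the thesis's implementation: the frame layout (a 16-bit big-endian length, a unit byte, a function byte, two 16-bit big-endian operands) is constructed for illustration, and the hand-written `run_parser` stands in for the instrumented target binary. It records, for every sink that consumes tainted data, which message offsets reach it, and derives candidate field boundaries from those sets; a deliberately weak `bor_last_only` rule shows the under-tainting that drops the high byte of a big-endian field.

```python
"""Byte-granular taint tracking over a constructed ICS-style binary frame.

Illustrative example, not the thesis's system. Shows (1) why the data-flow
rule for OR must union operand taints when a parser builds a big-endian field
as (hi << 8) | lo, and (2) control-dependent taint: a constant written under a
branch that tests a message byte inherits that byte's taint.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tainted:
    val: int
    src: frozenset  # offsets of the message bytes this value depends on


def load8(msg, off):
    return Tainted(msg[off], frozenset({off}))


def shl(a, n):
    return Tainted((a.val << n) & 0xFFFFFFFF, a.src)


def bor(a, b):
    """Data-flow rule used here: the result depends on every byte of both operands."""
    return Tainted(a.val | b.val, a.src | b.src)


def bor_last_only(a, b):
    """Deliberately weak rule for comparison: keeps only the right operand's taint,
    so the high byte of a big-endian field assembled as (hi << 8) | lo is lost."""
    return Tainted(a.val | b.val, b.src)


def load16_be(msg, off, combine=bor):
    # big-endian: high byte first, as ICS binary protocols commonly encode fields
    return combine(shl(load8(msg, off), 8), load8(msg, off + 1))


def run_parser(msg, combine=bor, track_control=True):
    """Hand-written parser standing in for the instrumented binary. Each place
    that consumes a tainted value records a sink with the offsets it depends on."""
    sinks = []
    length = load16_be(msg, 0, combine)
    sinks.append(("length_check", length.src))
    if length.val != len(msg) - 2:
        return sinks
    unit = load8(msg, 2)
    sinks.append(("unit_lookup", unit.src))
    func = load8(msg, 3)
    sinks.append(("func_dispatch", func.src))
    # The branch below tests a tainted byte, so statements inside it are
    # control-dependent on func: a constant written there carries func's taint.
    cd = func.src if track_control else frozenset()
    if func.val == 0x03:
        addr = load16_be(msg, 4, combine)
        count = load16_be(msg, 6, combine)
        sinks.append(("addr_range", addr.src))
        sinks.append(("count_limit", count.src))
        status = Tainted(0, cd)
    else:
        status = Tainted(1, cd)
    sinks.append(("status_reply", status.src))
    return sinks


def fields_from_sinks(sinks):
    """Candidate field boundaries: the distinct non-empty offset sets reaching a sink."""
    return sorted({tuple(sorted(s)) for _, s in sinks if s})


# constructed frame: len=6 (BE), unit=1, func=3, addr=0x0010 (BE), count=0x0002 (BE)
FRAME = bytes([0x00, 0x06, 0x01, 0x03, 0x00, 0x10, 0x00, 0x02])

if __name__ == "__main__":
    for name, src in run_parser(FRAME):
        print(f"{name:14s} <- bytes {sorted(src)}")
    print("fields:", fields_from_sinks(run_parser(FRAME)))
    print("fields with weak OR rule:", fields_from_sinks(run_parser(FRAME, bor_last_only)))
```

With the union rule the length check depends on bytes {0, 1} and the recovered fields are (0,1), (2), (3), (4,5), (6,7); with the weak rule the length field collapses to byte 1 alone, which is exactly the under-tainting that the refined rules are meant to avoid. Disabling control tracking leaves the status constant untainted, hiding its dependence on the function byte.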