Clustering method in protocol reverse engineering for industrial protocols
Author(s) - Shim KyuSeok, Goo YoungHoon, Lee MinSeob, Kim MyungSup
Publication year - 2020
Publication title - International Journal of Network Management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.2126
Subject(s) - computer science, protocol (science), cluster analysis, automation, reverse engineering, communications protocol, computer network, artificial intelligence, medicine, mechanical engineering, alternative medicine, pathology, engineering, programming language
Summary - Automation in all aspects of industrial activity is currently needed in today's industries. Networks, which are the most essential elements of automation, have been widely used in industrial sites to realize such needs. However, network security threats and malfunctions at industrial sites can cause considerable physical damage. Damage can be prevented, and threats can be detected through network traffic monitoring. However, industrial protocols use self‐developed protocols to ensure rapid and efficient data transfer, and most self‐developed protocols are private networking protocols. Efficient network traffic monitoring requires a detailed understanding of the structure of industrial protocols. Studies on existing protocol reverse engineering methods for commercial protocols have indicated that there are many limitations in applying these methods to industrial protocols. Therefore, in this paper, we propose a method of analyzing the structure of private protocols that can be employed as industrial protocols. This methodology consists of six modules: traffic collection, message extraction, message clustering by size, message clustering by similarity, field extraction, and session analysis. We collect traffic using the Schneider Modicon M580 and demonstrate the validity of the proposed methodology by comparing collected traffic with existing protocol reverse engineering methods.
