Industrial control system (ICS) protocols have been developed to obtain the values measured by sensors, control field devices, and share the collected information. Detecting ICS attackers' suspicious activities requires continuous monitoring of the ICS network based on knowledge of the ICS protocol (the meaning of its fields and its behavior). However, ICS protocols are often proprietary, making it difficult to obtain their exact specifications. Hence, automatic ICS protocol analysis is needed, because the tasks involved in manual reverse engineering are tedious. After analyzing the network traffic obtained from a real ICS, we found that variable structures were common and that packet fragmentation occurred frequently during operation. We recognized the need for an automated process that takes packet fragmentation and variable structures into account. In this paper, we describe our ongoing research to resolve the intricate structures of ICS protocols, in addition to the existing statistical analysis approach, and present the implementation results.
CITATION STYLE
Chang, Y., Choi, S., Yun, J. H., & Kim, S. K. (2018). One step more: Automatic ICS protocol field analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10707 LNCS, pp. 241–252). Springer Verlag. https://doi.org/10.1007/978-3-319-99843-5_22