Loading [a11y]/accessibility-menu.js
Industrial Control Protocol Type Inference Using Transformer and Rule-based Re-Clustering | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >IEEE INFOCOM 2024 - IEEE Conf...

Industrial Control Protocol Type Inference Using Transformer and Rule-based Re-Clustering

PDF
Yuhuan Liu; Yulong Ding; Jie Jiang; Bin Xiao; Shuang-Hua Yang
All Authors

Abstract:

The development of the Industrial Internet of Things (IIoT) is impeded by the lack of unknown protocol specifications. Protocol Reverse Engineering (PRE) plays a crucial ...Show More

Metadata

Abstract:

The development of the Industrial Internet of Things (IIoT) is impeded by the lack of unknown protocol specifications. Protocol Reverse Engineering (PRE) plays a crucial role in inferring unpublished protocol specifications by analyzing traffic messages. Since different types within a protocol often have distinct formats, inferring the protocol type is essential for subsequent reverse analysis. Natural Language Processing (NLP) models have demonstrated remarkable capabilities in various sequence tasks, and traffic messages of unknown protocols can be analyzed as sequences. In this paper, we propose a framework for clustering unknown industrial control protocol types. Our framework utilizes a transformer-based auto-encoder network to train corresponding request and response messages, leveraging intermediate layer embedding vectors learned by the network for clustering. The clustering results are employed to extract candidate keywords and establish empirical rules. Subsequently, rule-based re-clustering is performed, and its effectiveness is evaluated based on previous clustering results. Through this re-clustering process, we identify the most effective combination of keywords that define the type. We evaluate the proposed framework using three general protocols that have different type rules and successfully separate the protocol internal types completely.
Published in: IEEE INFOCOM 2024 - IEEE Conference on Computer Communications
Date of Conference: 20-23 May 2024
Date Added to IEEE Xplore: 12 August 2024
ISBN Information:

ISSN Information:

DOI: 10.1109/INFOCOM52122.2024.10621186
Conference Location: Vancouver, BC, Canada

Funding Agency:

Contents

I. Introduction

Achieving interconnection and ensuring security in the Industrial Internet of Things (IIoT) requires significant effort in the reverse engineering of industrial control protocols [1]. Various companies and organizations have developed their proprietary protocols, such as Schneider’s Modbus [2], Siemens’ S7Communication [3], and ODVA’s EthernetIP/CIP [4]. Furthermore, within the same company, the introduction of new equipment or updates often leads to the development of non-public protocol variants, such as the disclosed version 0x32 and the unpublished version 0x72 in S7Communication. Given the diverse range of equipment and facilities used in IIoT systems, understanding the protocols employed by each device is crucial for establishing effective communication connectivity within the system. In addition, the process of updating old equipment and formulating new protocols is often slow and expensive. While the OPC series protocols [5] have made significant efforts and achieved commendable results over the past decade, there remains a considerable demand for the reverse engineering of industrial control protocols. Moreover, security research conducted on IIoT systems and equipment heavily relies on known protocol specifications [6]. For instance, knowledge of these protocols enables the generation of random messages for fuzzing purposes. Therefore, obtaining detailed insights into the protocols utilized in IIoT is essential for both communication functionality and security analysis [7].

Contact IEEE to Subscribe
More Like This
Environmental, Social and Governance (ESG) Scores Automation in Global Reporting Initiative (GRI) with Natural Language Processing

2024 7th International Conference on Internet Applications, Protocols, and Services (NETAPPS)

Published: 2024

Natural language processing for the automation of operations in an online bookstore

2023 IEEE 19th International Conference on Intelligent Computer Communication and Processing (ICCP)

Published: 2023

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.