Abstract
In recent years, there has been an increasing interest in security of Industrial Control System (ICS) to figure out vulnerabilities in Supervisory Control and Data Acquisition (SCADA) system. One of the popular methods to find vulnerabilities is fuzzing, which is test of pushing data to the target for more secure operations. However, it is necessary to have in-depth knowledge of protocol specification as long as we want to utilize fuzzing in both intelligent and time-efficient manner. Although extensive research has been carried out on protocol specification, most studies in this field have focused on plain text protocol such as typically Hyper Text Transport Protocol (HTTP). In this paper, we have proposed multivariate statistic approach to binary protocols in SCADA system in order to obtain information of field specification. Then, we showed that informative results with field specification from our approach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
National Cybersecurity and Communications Integration Center: ICS-CERT Year in Review (2013)
National Cybersecurity and Communications Integration Center: NCCIC/ICS-CERT Monitor for January-April (2014)
Wondracek, G., Comparetti, P.M., Kruegel, C., Kirda, E., Anna, S.S.S.: Automatic network protocol analysis. In: NDSS, pp. 1–14 (2008)
Ming-Ming, X., Shun-zheng, Y., Yu, W.: Automatic network protocol automaton extraction. In: Third International Conference on Network and System Security, 2009. NSS 2009, pp. 336–343 (2009)
Gorbunov, S., Rosenbloom, A.: Autofuzz: Automated network protocol fuzzing framework. IJCSNS 10, 239 (2010)
Lin, Z., Jiang, X., Xu, D., Zhang, X.: Automatic protocol format reverse engineering through context-aware monitored execution. In: NDSS, pp. 1–15 (2008)
Caballero, J., Song, D.: Automatic protocol reverse-engineering: message format extraction and field semantics inference. Comput. Netw. 57, 451–474 (2013)
Pang, R., Paxson, V., Sommer, R., Peterson, L.: binpac: a yacc for writing application protocol parsers. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 289–300. ACM, Rio de Janeriro, Brazil (2006)
DeYoung, M.E.: Dynamic protocol reverse engineering: a grammatical inference approach. In: DTIC Document (2008)
Beddoe, M.A.: Network protocol analysis using bioinformatics algorithms (2004)
Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 317–329. ACM, Alexandria, Virginia, USA (2007)
Comparetti, P.M., Wondracek, G., Kruegel, C., Kirda, E.: Prospex: protocol specification extraction. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 110–125. IEEE Computer Society (2009)
Yongjun, H., Hui, S., Xiaobing, X.: Protocol reverse engineering based on DynamoRIO. In: International Conference on Information and Multimedia Technology, 2009. ICIMT 2009, pp. 310–314 (2009)
Wang, Z., Jiang, X., Cui, W., Wang, X., Grace, M.: ReFormat: automatic reverse engineering of encrypted messages. In: Backes, M., Ning, P. (eds.) Proceedings of the 14th European Conference on Research in Computer Security. Lecture Notes in Computer Science, pp. 200–215. Springer, Saint-Malo, France (2009)
Antunes, J., Neves, N., Verissimo, P.: Reverse engineering of protocols from network traces. In: 2011 18th Working Conference on Reverse Engineering (WCRE), pp. 169–178. IEEE (2011)
Shevertalov, M., Mancoridis, S.: A reverse engineering tool for extracting protocols of networked applications. In: 14th Working Conference on Reverse Engineering 2007. WCRE 2007, pp. 229–238 (2007)
Allen-Bradley: DF1 protocol and command set reference manual. http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/1770-m516_-en-p.pdf)
Modbus: Modbus application protocol specification V1.1b3. http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf)
Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443–453 (1970)
Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27, 379–423 (1948)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Choi, S., Chang, Y., Yun, JH., Kim, W. (2015). Multivariate Statistic Approach to Field Specifications of Binary Protocols in SCADA System. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science(), vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_27
Download citation
DOI: https://doi.org/10.1007/978-3-319-15087-1_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-15086-4
Online ISBN: 978-3-319-15087-1
eBook Packages: Computer ScienceComputer Science (R0)