Skip to main content
SpringerLink
Log in

Multivariate Statistic Approach to Field Specifications of Binary Protocols in SCADA System

  • Conference paper
  • First Online:
Information Security Applications (WISA 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8909))

Included in the following conference series:

Abstract

In recent years, there has been an increasing interest in security of Industrial Control System (ICS) to figure out vulnerabilities in Supervisory Control and Data Acquisition (SCADA) system. One of the popular methods to find vulnerabilities is fuzzing, which is test of pushing data to the target for more secure operations. However, it is necessary to have in-depth knowledge of protocol specification as long as we want to utilize fuzzing in both intelligent and time-efficient manner. Although extensive research has been carried out on protocol specification, most studies in this field have focused on plain text protocol such as typically Hyper Text Transport Protocol (HTTP). In this paper, we have proposed multivariate statistic approach to binary protocols in SCADA system in order to obtain information of field specification. Then, we showed that informative results with field specification from our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. National Cybersecurity and Communications Integration Center: ICS-CERT Year in Review (2013)

    Google Scholar 

  2. National Cybersecurity and Communications Integration Center: NCCIC/ICS-CERT Monitor for January-April (2014)

    Google Scholar 

  3. Wondracek, G., Comparetti, P.M., Kruegel, C., Kirda, E., Anna, S.S.S.: Automatic network protocol analysis. In: NDSS, pp. 1–14 (2008)

    Google Scholar 

  4. Ming-Ming, X., Shun-zheng, Y., Yu, W.: Automatic network protocol automaton extraction. In: Third International Conference on Network and System Security, 2009. NSS 2009, pp. 336–343 (2009)

    Google Scholar 

  5. Gorbunov, S., Rosenbloom, A.: Autofuzz: Automated network protocol fuzzing framework. IJCSNS 10, 239 (2010)

    Google Scholar 

  6. Lin, Z., Jiang, X., Xu, D., Zhang, X.: Automatic protocol format reverse engineering through context-aware monitored execution. In: NDSS, pp. 1–15 (2008)

    Google Scholar 

  7. Caballero, J., Song, D.: Automatic protocol reverse-engineering: message format extraction and field semantics inference. Comput. Netw. 57, 451–474 (2013)

    Article  Google Scholar 

  8. Pang, R., Paxson, V., Sommer, R., Peterson, L.: binpac: a yacc for writing application protocol parsers. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 289–300. ACM, Rio de Janeriro, Brazil (2006)

    Google Scholar 

  9. DeYoung, M.E.: Dynamic protocol reverse engineering: a grammatical inference approach. In: DTIC Document (2008)

    Google Scholar 

  10. Beddoe, M.A.: Network protocol analysis using bioinformatics algorithms (2004)

    Google Scholar 

  11. Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 317–329. ACM, Alexandria, Virginia, USA (2007)

    Google Scholar 

  12. Comparetti, P.M., Wondracek, G., Kruegel, C., Kirda, E.: Prospex: protocol specification extraction. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, pp. 110–125. IEEE Computer Society (2009)

    Google Scholar 

  13. Yongjun, H., Hui, S., Xiaobing, X.: Protocol reverse engineering based on DynamoRIO. In: International Conference on Information and Multimedia Technology, 2009. ICIMT 2009, pp. 310–314 (2009)

    Google Scholar 

  14. Wang, Z., Jiang, X., Cui, W., Wang, X., Grace, M.: ReFormat: automatic reverse engineering of encrypted messages. In: Backes, M., Ning, P. (eds.) Proceedings of the 14th European Conference on Research in Computer Security. Lecture Notes in Computer Science, pp. 200–215. Springer, Saint-Malo, France (2009)

    Google Scholar 

  15. Antunes, J., Neves, N., Verissimo, P.: Reverse engineering of protocols from network traces. In: 2011 18th Working Conference on Reverse Engineering (WCRE), pp. 169–178. IEEE (2011)

    Google Scholar 

  16. Shevertalov, M., Mancoridis, S.: A reverse engineering tool for extracting protocols of networked applications. In: 14th Working Conference on Reverse Engineering 2007. WCRE 2007, pp. 229–238 (2007)

    Google Scholar 

  17. Allen-Bradley: DF1 protocol and command set reference manual. http://literature.rockwellautomation.com/idc/groups/literature/documents/rm/1770-m516_-en-p.pdf)

  18. Modbus: Modbus application protocol specification V1.1b3. http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf)

  19. Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443–453 (1970)

    Article  Google Scholar 

  20. Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27, 379–423 (1948)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The Attached Institute of ETRI, P.O. Box 1, Yuseong, Daejeon, 305-600, Korea

    Seungoh Choi, Yeop Chang, Jeong-Han Yun & Woonyon Kim

Authors
  1. Seungoh Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yeop Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jeong-Han Yun
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Woonyon Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Seungoh Choi .

Editor information

Editors and Affiliations

  1. Pukyong National University, Busan, Korea, Republic of (South Korea)

    Kyung-Hyune Rhee

  2. School of Computer Science and Engineering, Soongsil University, Seoul, Korea, Republic of (South Korea)

    Jeong Hyun Yi

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Choi, S., Chang, Y., Yun, JH., Kim, W. (2015). Multivariate Statistic Approach to Field Specifications of Binary Protocols in SCADA System. In: Rhee, KH., Yi, J. (eds) Information Security Applications. WISA 2014. Lecture Notes in Computer Science(), vol 8909. Springer, Cham. https://doi.org/10.1007/978-3-319-15087-1_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-15087-1_27

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-15086-4

  • Online ISBN: 978-3-319-15087-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation