中圖分類號： TP309.1
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2021.09.004
引用格式： 周帥，王紹杰. 私有工控協議分類方法研究[J].信息技術與網絡安全，2021，40(9)：19-24.

Research on classification method of private industrial control protocol

Abstract： Industrial control protocol is a branch of network protocol. In the research of information security of industrial control system, protocol security is a very important part. At present, industrial control protocols are lack of unified specifications, resulting in a large number of private unknown protocols. In the face of the reverse analysis of these private protocols, the research on packet classification is limited. This paper proposes a packet classification method of private industrial control protocols by studying the protocol reverse method based on network traffic, which uses N-gram algorithm for packet segmentation, then the keywords are extracted by keyword extraction algorithm, and finally the message clustering is carried out according to the extracted keywords. Experimental results show that the proposed method can classify unknown industrial control protocols according to their functions.

Key words : industrial control protocol；protocol reverse；network traffic；N-gram