Visible to the public A Text Similarity-based Protocol Parsing Scheme for Industrial Internet of Things

TitleA Text Similarity-based Protocol Parsing Scheme for Industrial Internet of Things
Publication TypeConference Paper
Year of Publication2021
AuthorsJiang, Xiaoyu, Qiu, Tie, Zhou, Xiaobo, Zhang, Bin, Sun, Ximin, Chi, Jiancheng
Conference Name2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design (CSCWD)
Date Publishedmay
Keywordsdeep packet inspection, Industrial Internet of Things, Manuals, Phase measurement, Position measurement, protocol parsing, Protocols, pubcrawl, resilience, Resiliency, Scalability, security, Text similarity, Tools
AbstractProtocol parsing is to discern and analyze packets' transmission fields, which plays an essential role in industrial security monitoring. The existing schemes parsing industrial protocols universally have problems, such as the limited parsing protocols, poor scalability, and high preliminary information requirements. This paper proposes a text similarity-based protocol parsing scheme (TPP) to identify and parse protocols for Industrial Internet of Things. TPP works in two stages, template generation and protocol parsing. In the template generation stage, TPP extracts protocol templates from protocol data packets by the cluster center extraction algorithm. The protocol templates will update continuously with the increase of the parsing packets' protocol types and quantities. In the protocol parsing phase, the protocol data packet will match the template according to the similarity measurement rules to identify and parse the fields of protocols. The similarity measurement method comprehensively measures the similarity between messages in terms of character position, sequence, and continuity to improve protocol parsing accuracy. We have implemented TPP in a smart industrial gateway and parsed more than 30 industrial protocols, including POWERLINK, DNP3, S7comm, Modbus-TCP, etc. We evaluate the performance of TPP by comparing it with the popular protocol analysis tool Netzob. The experimental results show that the accuracy of TPP is more than 20% higher than Netzob on average in industrial protocol identification and parsing.
Citation Keyjiang_text_2021