SeMiner: Side-Information-Based Semantics Miner for Proprietary Industrial Control Protocols

Industrial control protocols (ICPs) are critical for Industrial Internet of Things to achieve interconnection and interaction between the industrial devices. To fully understand a large number of nonstandard and proprietary ICPs, protocol reverse engineering (PRE) techniques are commonly used to reconstruct the ICP specifications. However, existing PRE tools face difficulties in inferring the ICP semantics. Accordingly, this article proposes SeMiner as an ICP semantics analysis framework to achieve the packet field identification, protocol semantics inference, and behavior semantics modeling. Based on the collected graphical side information about the industrial processes, a series of semantic channels is identified using image processing techniques, and a modified Apriori algorithm is used to extract the frequent patterns of each semantic channel. Afterward, a heuristic method based on sequence alignment is designed to simultaneously identify the set of relevant packets and the position of packet fields relevant to the semantic channels. Finally, relying on the packet field semantics, the behavior semantics of industrial processes are modeled and the association rules between the semantic channels are extracted. Thorough experimental results reported herein verify the effectiveness of SeMiner and show the superior performance of SeMiner compared with the several other state-of-the-art algorithms.