Funding: Project (62125306) supported by the National Science Fund for Distinguished Young Scholars, China; Project (2022A1515240003) supported by the Guangdong Basic and Applied Basic Research Foundation, China.
Funding: Supported by the National Natural Science Foundation of China (No. 61833015).
Abstract: Proprietary (or semi-proprietary) protocols are widely adopted in industrial control systems (ICSs). Inferring protocol format by reverse engineering is important for many network security applications, e.g., program tests and intrusion detection. Conventional protocol reverse engineering methods have been proposed which are considered time-consuming, tedious, and error-prone. Recently, automatic protocol reverse engineering methods have been proposed which are, however, neither effective in handling binary-based ICS protocols based on network traffic analysis nor accurate in extracting protocol fields from protocol implementations. In this paper, we present a framework called the industrial control system protocol reverse engineering framework (ICSPRF) that aims to extract ICS protocol fields with high accuracy. ICSPRF is based on the key insight that an individual field in a message is typically handled in the same execution context, e.g., basic block (BBL) group. As a result, by monitoring program execution, we can collect the tainted data information processed in every BBL group in the execution trace and cluster it to derive the protocol format. We evaluate our approach with six open-source ICS protocol implementations. The results show that ICSPRF can identify individual protocol fields with high accuracy (on average a 94.3% match ratio). ICSPRF also has a low coarse-grained and overly fine-grained match ratio. For the same metric, ICSPRF is more accurate than AutoFormat (88.5% for all evaluated protocols and 80.0% for binary-based protocols).
Funding: Supported by the Fundamental Research Funds for the Central Universities (Zhejiang University NGICS Platform) and the Zhejiang Provincial Public Welfare Technology Application Research Project (No. LGJ21E070001).
Abstract: In recent years, rumors have been shown to have a significant impact on individual and societal activities. As renewables play an increasingly significant role in electricity markets, certain rumors may cause the bidding behavior of market entities to deviate and eventually affect the performance of market operations. In this study, we attempt to reveal the general threats caused by rumors in the context of day-ahead electricity markets considering the integration of volatile renewables. First, we model the propagation of rumors in the societal system considering the weight of propagation resistance, which principally reflects the communication accessibility of market entities. Second, we develop an integrated two-layer network model to uncover the inherent coupling mechanism between market operations and rumor propagation. In particular, the role of electricity market operations on rumor propagation is characterized by changes in the truthfulness of rumors associated with electricity prices. The rumors, in turn, affect the bidding quantities of market entities in electricity market operations. Finally, numerical experiments are conducted on modified IEEE 6-bus and 118-bus systems. The results demonstrate the potential threats of rumors to electricity market operations with different penetration levels of renewables.