Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Clustering method in protocol reverse engineering for industrial protocols
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Shim, Kyu-Seok | - |
| dc.contributor.author | Goo, Young-Hoon | - |
| dc.contributor.author | Lee, Min-Seob | - |
| dc.contributor.author | Kim, Myung-Sup | - |
| dc.date.accessioned | 2021-12-08T19:41:58Z | - |
| dc.date.available | 2021-12-08T19:41:58Z | - |
| dc.date.created | 2021-08-30 | - |
| dc.date.issued | 2020-11 | - |
| dc.identifier.issn | 1055-7148 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/130397 | - |
| dc.description.abstract | Automation in all aspects of industrial activity is currently needed in today's industries. Networks, which are the most essential elements of automation, have been widely used in industrial sites to realize such needs. However, network security threats and malfunctions at industrial sites can cause considerable physical damage. Damage can be prevented, and threats can be detected through network traffic monitoring. However, industrial protocols use self-developed protocols to ensure rapid and efficient data transfer, and most self-developed protocols are private networking protocols. Efficient network traffic monitoring requires a detailed understanding of the structure of industrial protocols. Studies on existing protocol reverse engineering methods for commercial protocols have indicated that there are many limitations in applying these methods to industrial protocols. Therefore, in this paper, we propose a method of analyzing the structure of private protocols that can be employed as industrial protocols. This methodology consists of six modules: traffic collection, message extraction, message clustering by size, message clustering by similarity, field extraction, and session analysis. We collect traffic using the Schneider Modicon M580 and demonstrate the validity of the proposed methodology by comparing collected traffic with existing protocol reverse engineering methods. | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | WILEY | - |
| dc.title | Clustering method in protocol reverse engineering for industrial protocols | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Kim, Myung-Sup | - |
| dc.identifier.doi | 10.1002/nem.2126 | - |
| dc.identifier.scopusid | 2-s2.0-85087177624 | - |
| dc.identifier.wosid | 000542591400001 | - |
| dc.identifier.bibliographicCitation | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT, v.30, no.6 | - |
| dc.relation.isPartOf | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT | - |
| dc.citation.title | INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT | - |
| dc.citation.volume | 30 | - |
| dc.citation.number | 6 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalResearchArea | Telecommunications | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.relation.journalWebOfScienceCategory | Telecommunications | - |
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.