A Sparse Protocol Parsing Method for IIoT Based on BPSO-vote-HMM Hybrid Model

Abstract

With the development of the Industrial Internet of Things, industrial control systems have become more open and intelligent. However, large numbers of unknown protocols exist in IIoT, threatening the security of IIoT devices and systems. Protocol reverse engineering extracts the grammar and semantics of the protocol by monitoring and analyzing the traffic trace or the execution process of instructions, without the need for protocol description. As the executable programs are mainly integrated into the IIoT devices and the communication traffic is relatively sparse, the traditional protocol analyzing method is not suitable for the IIoT environment. This paper proposes an improved sparse protocol parsing method of IIoT protocol based on the BPSO-vote-HMM hybrid model. The binary particle swarm optimization algorithm is introduced to expand the captured IIoT protocol message sequence, solving the problems of sparse samples in IIoT and the low efficiency of the GA-based data expansion model. Besides, we improve on the parameter training part to improve the efficiency and get better model parameters by dividing the training set into several sub-sets, conducting the parameter update parallel, and inputting the results into a voter to generate the final parameter of HMM, which is used in protocol field prediction. Finally, by combining the BPSO-based data expansion model and the protocol field parsing model based on vote-HMM, a hybrid analytical model is constructed to improve the analytical accuracy in a gradual evolutionary manner. Through a series of comparative experiments, the improved protocol field parsing model has better performance on IIoT protocol.