CN114584497A - Passive industrial control system asset identification method and device - Google Patents
Passive industrial control system asset identification method and device Download PDFInfo
- Publication number
- CN114584497A CN114584497A CN202210479357.7A CN202210479357A CN114584497A CN 114584497 A CN114584497 A CN 114584497A CN 202210479357 A CN202210479357 A CN 202210479357A CN 114584497 A CN114584497 A CN 114584497A
- Authority
- CN
- China
- Prior art keywords
- decision tree
- fingerprint
- industrial control
- data set
- asset identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/243—Classification techniques relating to the number of classes
- G06F18/24323—Tree-organised classifiers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Abstract
The invention discloses an asset identification method and device of a passive industrial control system, wherein the method comprises the following steps: s1) acquiring the industrial control network flow; s2) analyzing and extracting the protocol stack fingerprint in the industrial control network flow acquired in the step S1); s3) performing fingerprint database collision by using the protocol stack fingerprint attribute extracted in the step S2) and the fingerprint database, outputting the asset name corresponding to the hit fingerprint when the fingerprint in the fingerprint database is hit, and otherwise, outputting the corresponding asset name after the classification is performed by the asset identification decision tree classifier. The method solves the technical problems that the active acquisition of the industrial control network flow generates interference on the industrial control network, the NAT routing asset detection difficulty is high and the like through the method of passively acquiring the industrial control network flow.
Description
Technical Field
The invention relates to the field of asset identification of industrial control networks, in particular to an asset identification method and device of a passive industrial control system.
Background
Because the industrial control system is generally lack of safety design at the beginning of design, the industrial asset detection is carried out in the industrial field by adopting the modes of active detection and the like commonly used in the traditional IT system, part of sensitive industrial control equipment can be influenced and even damaged, and meanwhile, the industrial control system plays a vital role in industrial production, so the industrial control asset detection is usually not allowed to be carried out in the industrial field by adopting the active mode. In addition, the existing asset detection technology based on the TCP/IP protocol stack fingerprint feature library also has the problems of low unknown asset identification efficiency and accuracy.
Disclosure of Invention
Therefore, the technical problems to be solved by the present invention are to provide a method and an apparatus for identifying assets of a passive industrial control system, wherein the technical problems that actively acquiring industrial control network traffic interferes with an industrial control network, NAT routing assets are difficult to detect, and the like are solved by a method for passively acquiring industrial control network traffic.
In order to solve the technical problems, the invention provides the following technical scheme:
a passive industrial control system asset identification method comprises the following steps:
s1) acquiring the industrial control network flow;
s2) analyzing and extracting the protocol stack fingerprint in the industrial control network flow acquired in the step S1);
s3) performing fingerprint database collision by using the protocol stack fingerprint attribute extracted in the step S2) and the fingerprint database, outputting the asset name corresponding to the hit fingerprint when the fingerprint in the fingerprint database is hit, and otherwise, outputting the corresponding asset name after the classification is performed by the asset identification decision tree classifier.
In the above passive industrial control system asset identification method, in step S3), the decision tree construction step in the asset identification decision tree classifier is as follows:
a) preprocessing fingerprints of a decision tree training data set S;
b) constructing a decision tree by using the decision training data set S preprocessed in the step a);
c) pruning the decision tree constructed in step b) by using a test data set.
In the passive industrial control system asset identification method, in the step a), the fingerprint preprocessing of the decision tree training data set S comprises protocol stack attribute feature extraction, commonality value taking, classification and marking.
In the above-mentioned passive industrial control system asset identification method, in step a), the fingerprint attribute selectable items are discretely processed, and each fingerprint attribute selectable item is marked as an independent attribute.
In the asset identification method of the passive industrial control system, in the step b), the training samples in the decision tree training data set S are divided into k types to obtain a decision tree training data subsetIs composed ofCalculating the information entropy of the decision tree training data set SThe method comprises the following steps:
in the formula (I), the compound is shown in the specification,belonging to a subset of decision tree training data in a set S of decision tree training dataThe ratio of (a) to (b),belongs to the class-k when training samples in the training data set S for the decision tree are classified into the class-kTraining a data subset of the class decision tree;
to test the attribute AjTraining the preprocessed decision treeDividing the attribute set A of the data set S to generate v branch nodes, and calculating A by the following formulajGain of the preprocessed decision tree training data set S:
in the formula (I), the compound is shown in the specification,for testing the property AjThe range of values of (a) to (b),testing attribute A at the vth branch node for decision tree training data set SjUp value isTraining a data set of the decision tree;
the splitting information of the decision tree training data set S after preprocessing in the process of constructing the decision tree is as follows:
Ajinformation gain ratio of (2):
in the asset identification method of the passive industrial control system, in the step c), the mode of pruning the decision tree constructed in the step b) by using the test data set is a post-pruning mode.
In the above passive industrial control system asset identification method, in step c), the confidence α of the misclassification rate after all the non-leaf nodes are cut is calculated from the root node:
where N is the total number of sample instances,an upper bound is estimated for the interval of error rates, f is the observed misclassification rate, and q is the true misclassification rate.
In the asset identification method of the passive industrial control system, in the step c), whether pruning is needed or not is determined according to the change of e before and after pruning;
wherein z is the standard deviation of the confidence coefficient alpha, and z =1-U1-α。
In the passive industrial control system asset identification method, in the step c), after the decision tree pruning is completed, the corresponding industrial control system asset identification rule is directly extracted from the decision tree.
The system for identifying the system assets by utilizing the passive industrial control system asset identification method comprises the following steps:
the flow acquisition module is used for receiving the industrial control network flow in a switch mirror image mode;
the protocol stack fingerprint analysis module is used for extracting a protocol stack fingerprint required by asset identification from a data packet during TCP connection establishment;
the known fingerprint storage module is used for storing the known asset fingerprint characteristics and matching the known flow;
the decision tree classifier module is used for performing asset prediction on the unknown asset fingerprint characteristics according to the decision tree rules; an asset identification decision tree classifier is arranged in the decision tree classifier module;
the identification result display module is used for displaying the asset identification result;
the flow acquisition module is in communication connection with the protocol stack fingerprint analysis module, the protocol stack fingerprint analysis module is in communication connection with the known fingerprint storage module, the known fingerprint storage module is in communication connection with the decision tree classifier module and the identification result display module respectively, and the decision tree classifier module is in communication connection with the identification result display module.
The technical scheme of the invention achieves the following beneficial technical effects:
the method for acquiring the industrial control network flow in a passive mode solves the technical problems that the industrial control network flow is actively acquired to generate interference on the industrial control network, NAT routing asset detection difficulty is high and the like; meanwhile, by the decision tree modeling method, only attribute comparison is performed when the fingerprint sample of the operating system to be detected is processed, the processing is simple, obvious performance advantages are achieved when the fingerprint sample is processed in a large scale, and the technical problem that the identification rate of protocol fingerprints which are not accurately matched is low is solved.
Drawings
Fig. 1 is a schematic diagram of the working principle of the system of the present invention.
FIG. 2 is a schematic flow chart of a passive industrial control system asset identification method of the present invention.
Detailed Description
As shown in fig. 1, the system for identifying system assets in the present invention includes a traffic acquisition module, a protocol stack fingerprint analysis module, a known fingerprint storage module, a decision tree classifier module, and an identification result display module, wherein the traffic acquisition module is in communication with the protocol stack fingerprint analysis module, the protocol stack fingerprint analysis module is in communication with the known fingerprint storage module, the known fingerprint storage module is in communication with the decision tree classifier module and the identification result display module, respectively, and the decision tree classifier module is in communication with the identification result display module. The flow acquisition module is used for receiving the industrial control network flow in a switch mirror image mode; the protocol stack fingerprint analysis module is used for extracting a protocol stack fingerprint required by asset identification from a data packet during TCP connection establishment; the known fingerprint storage module is used for storing the known asset fingerprint characteristics and matching the known flow; the decision tree classifier module is used for performing asset prediction on unknown asset fingerprint characteristics according to decision tree rules, and an asset identification decision tree classifier is arranged in the decision tree classifier module; and the identification result display module is used for displaying the asset identification result.
The decision tree in the decision tree classifier module is constructed by the following steps:
a) preprocessing fingerprints of a decision tree training data set S, wherein the preprocessing of the fingerprints of the decision tree training data set S comprises protocol stack attribute feature extraction, commonality value taking, classification and marking, and discrete processing is performed on fingerprint attribute selectable items, and each fingerprint attribute selectable item is used as an independent attribute to be marked; examples of industrial control network asset attribute features to be processed include: LEN, WIN, DF, TTL, OPT options;
b) constructing a decision tree by using the decision training data set S preprocessed in the step a);
c) pruning the decision tree constructed in the step b) by using the test data set, namely correcting and checking rules generated by the decision tree by using the test data set, and pruning tree branches influencing the accuracy, wherein the pruning mode is post-pruning, so that some useful and non-generated tree nodes can be prevented from being pruned by mistake, and post-pruning is adopted, namely, the decision tree is allowed to excessively fit data, and pruning is performed after the decision tree is generated; and after the pruning of the decision tree is finished, directly extracting the corresponding asset identification rule of the industrial control system from the decision tree. The following are several examples of rules:
1.linux2.9'LEN=52'and'WIN=6144'and'DF=0'and'TTL=64'and'MSS=1460'and'OPT=MNWST'
2.windowsNT'LEN=52'and'WIN=8192'and'DF=1'and'TTL=64'and'MSS=1460'and'OPT=MNWST'
3.windowsXP'LEN=64'and'WIN=65535'
in step b), training samples in the decision tree training data set S are divided into k types to obtain a decision tree training data subsetIs composed ofCalculating the information entropy of the decision tree training data set SThe method comprises the following steps:
in the formula (I), the compound is shown in the specification,belonging to a subset of decision tree training data in a set S of decision tree training dataThe ratio of (a) to (b),belongs to the class-k when training samples in the training data set S for the decision tree are classified into the class-kTraining a subset of data for the decision tree of the class;
to test the attribute AjDividing attribute set A of the preprocessed decision tree training data set S to generate v branch nodes, and calculating A through the following formulajAnd (3) gain of the preprocessed decision tree training data set S:
in the formula (I), the compound is shown in the specification,for testing the property AjValue range of (i.e. 1);Testing attribute A at the vth branch node for decision tree training data set SjUp value ofThe decision tree training dataset of (1) contains all the in-test attributes A in the decision tree training dataset SjUp value isThe sample of (1); the attribute set A is;The number of elements of the data set is trained for the decision tree,training the test attributes A in the data set S for a decision treejThe number of subset elements with a value of v;
according to the formulaInformation entropy ofConsidering different training sample numbers contained in different branch nodes, weights are given to the branch nodesI.e. the effect of branch nodes with a larger number of training samples, is larger, the useful test attribute A can be calculatedjObtaining information gain by dividing the decision tree training data set S;
the splitting information of the decision tree training data set S after preprocessing in the process of constructing the decision tree is as follows:
Ajinformation gain ratio of (1):
wherein the content of the first and second substances,regardless of the class of the training sample.
In step c), the confidence α of the misclassification rate of all non-leaf nodes after being cut is calculated from the root node:
where N is the total number of sample instances,an upper limit is estimated for the interval of error rates, f is the observed misclassification rate, and q is the true misclassification rate. For example, let E be the number of misclassifications in N sample instances, and then f = E/N.
In the step c), determining whether pruning is needed or not according to the change of e before and after pruning;
wherein z is the standard deviation of the confidence coefficient alpha, and z =1-U1-α。
The system is used for identifying the assets of the industrial control system, and comprises the following specific steps:
s1), acquiring the industrial control network flow, specifically, receiving the industrial control network flow in a switch mirror image mode;
s2) analyzing and extracting the attribute of the protocol stack fingerprint in the industrial control network traffic acquired in step S1), specifically, extracting the protocol stack fingerprint required for asset identification from the data packet during TCP connection establishment;
s3) performing fingerprint database collision by using the protocol stack fingerprint attribute extracted in the step S2) and the fingerprint database, outputting the asset name corresponding to the hit fingerprint when the fingerprint in the fingerprint database is hit, and otherwise, outputting the corresponding asset name after the classification is performed by the asset identification decision tree classifier. Specifically, a protocol stack fingerprint acquired from a data packet of industrial control network flow is compared with a fingerprint in a fingerprint library, if the protocol stack fingerprint is completely matched with the fingerprint in the fingerprint library, a corresponding asset name is output, and if the protocol stack fingerprint is not completely matched with the fingerprint in the fingerprint library, an asset identification decision tree classifier is used for accurately predicting according to an attribute field extracted from a message.
In step S2), specifically, the example of the extracted asset fingerprint features is shown in table 1.
TABLE 1 extracted asset fingerprinting features
Assets | LEN | WIN | DF | TTL | MSS | OPT |
Linux2.9 | 52 | 6144 | 0 | 64 | 1460 | MNWST |
Windows NT | 52 | 8192 | 1 | 64 | 1460 | MNWST |
Windows XP | 64 | 65535 | 1 | 128 | 1460 | MNWSNT |
By identifying and testing the unknown assets in the industrial control network, the identification efficiency of the unknown assets is up to 100%, and the highest accuracy can be up to 96%.
It should be understood that the above examples are only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. And obvious variations or modifications are possible which remain within the scope of the appended claims.
Claims (10)
1. A passive industrial control system asset identification method is characterized by comprising the following steps:
s1) acquiring the industrial control network flow;
s2) analyzing and extracting the protocol stack fingerprint in the industrial control network flow acquired in the step S1);
s3) performing fingerprint database collision by using the protocol stack fingerprint attribute extracted in the step S2) and the fingerprint database, outputting the asset name corresponding to the hit fingerprint when the fingerprint in the fingerprint database is hit, and otherwise, outputting the corresponding asset name after the classification is performed by the asset identification decision tree classifier.
2. The passive industrial control system asset identification method according to claim 1, wherein in step S3), the decision tree in the asset identification decision tree classifier is constructed by the following steps:
a) preprocessing fingerprints of a decision tree training data set S;
b) constructing a decision tree by using the decision training data set S preprocessed in the step a);
c) pruning the decision tree constructed in step b) by using a test data set.
3. The passive industrial control system asset identification method according to claim 2, wherein in step a), the fingerprint preprocessing of the decision tree training data set S comprises protocol stack fingerprint attribute feature extraction, commonality value taking, classification and labeling.
4. A passive industrial control system asset identification method according to claim 3, wherein in step a) fingerprint attribute alternatives are discretely processed, each fingerprint attribute alternative being marked as an individual attribute.
5. The asset identification method of the passive industrial control system according to claim 4, wherein in the step b), the training samples in the training data set S of the decision tree are divided into k classes, and the entropy of the information of the training data set S of the decision tree is calculatedThe method comprises the following steps:
in the formula (I), the compound is shown in the specification,belonging to a subset of decision tree training data in a set S of decision tree training dataThe ratio of (a) to (b),belongs to the class-k when training samples in the training data set S for the decision tree are classified into the class-kTraining a subset of data for the decision tree of the class;
to test attribute AjDividing attribute set A of the preprocessed decision tree training data set S to generate v branch nodes, and calculating A through the following formulajGain of the preprocessed decision tree training data set S:
in the formula (I), the compound is shown in the specification,for testing the property AjThe range of values of (a) to (b),testing attribute A at the vth branch node for decision tree training data set SjUp value ofTraining a data set of the decision tree;
the splitting information of the decision tree training data set S after preprocessing in the process of constructing the decision tree is as follows:
Ajinformation gain ratio of (1):
6. the passive industrial control system asset identification method according to claim 2, wherein in step c), the mode of pruning the decision tree constructed in step b) with the test data set is a post-pruning mode.
7. The passive industrial control system asset identification method according to claim 2, wherein in step c), the confidence α of the misclassification rate after all non-leaf nodes are cut is calculated for the pair of nodes starting from the root node:
8. The passive industrial control system asset identification method according to claim 7, wherein in step c), it is determined whether pruning is required according to the change of e before and after pruning;
wherein z is the standard deviation of the confidence coefficient alpha, and z =1-U1-α。
9. The passive industrial control system asset identification method according to claim 2, wherein in step c), after the decision tree pruning is completed, the corresponding industrial control system asset identification rule is directly extracted from the decision tree.
10. A system for identifying system assets using the passive industrial control system asset identification method according to any one of claims 1 to 9, comprising:
the flow acquisition module is used for receiving the industrial control network flow in a switch mirror image mode;
the protocol stack fingerprint analysis module is used for extracting a protocol stack fingerprint required by asset identification from a data packet during TCP connection establishment;
the known fingerprint storage module is used for storing the known asset fingerprint characteristics and matching the known flow;
the decision tree classifier module is used for performing asset prediction on the unknown asset fingerprint characteristics according to the decision tree rules; an asset identification decision tree classifier is arranged in the decision tree classifier module;
the identification result display module is used for displaying the asset identification result;
the flow acquisition module is in communication connection with the protocol stack fingerprint analysis module, the protocol stack fingerprint analysis module is in communication connection with the known fingerprint storage module, the known fingerprint storage module is in communication connection with the decision tree classifier module and the identification result display module respectively, and the decision tree classifier module is in communication connection with the identification result display module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210479357.7A CN114584497A (en) | 2022-05-05 | 2022-05-05 | Passive industrial control system asset identification method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210479357.7A CN114584497A (en) | 2022-05-05 | 2022-05-05 | Passive industrial control system asset identification method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114584497A true CN114584497A (en) | 2022-06-03 |
Family
ID=81777903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210479357.7A Withdrawn CN114584497A (en) | 2022-05-05 | 2022-05-05 | Passive industrial control system asset identification method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114584497A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115955522A (en) * | 2022-11-30 | 2023-04-11 | 绿盟科技集团股份有限公司 | Asset fingerprint identification method, device, equipment and medium |
CN117633666A (en) * | 2024-01-26 | 2024-03-01 | 远江盛邦(北京)网络安全科技股份有限公司 | Network asset identification method, device, electronic equipment and storage medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110868404A (en) * | 2019-11-05 | 2020-03-06 | 北京航空航天大学 | Industrial control equipment automatic identification method based on TCP/IP fingerprint |
CN113973059A (en) * | 2021-10-21 | 2022-01-25 | 浙江大学 | Passive industrial internet asset identification method and device based on network protocol fingerprint |
-
2022
- 2022-05-05 CN CN202210479357.7A patent/CN114584497A/en not_active Withdrawn
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110868404A (en) * | 2019-11-05 | 2020-03-06 | 北京航空航天大学 | Industrial control equipment automatic identification method based on TCP/IP fingerprint |
CN113973059A (en) * | 2021-10-21 | 2022-01-25 | 浙江大学 | Passive industrial internet asset identification method and device based on network protocol fingerprint |
Non-Patent Citations (3)
Title |
---|
GOVINDA M. G. BEZERRA等: "A Precise Flow Representation for Autonomous IoT-Devices Reconnaissance", 《2022 25TH CONFERENCE ON INNOVATION IN CLOUDS, INTERNET AND NETWORKS AND WORKSHOPS (ICIN)》 * |
卢志伟: "数据挖掘技术在人力资源管理中的运用", 《中国优秀硕士学位论文全文数据库》 * |
朱振显: "基于决策树和被动监听的操作系统识别方法研究", 《中国优秀硕士学位论文全文数据库》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115955522A (en) * | 2022-11-30 | 2023-04-11 | 绿盟科技集团股份有限公司 | Asset fingerprint identification method, device, equipment and medium |
CN117633666A (en) * | 2024-01-26 | 2024-03-01 | 远江盛邦(北京)网络安全科技股份有限公司 | Network asset identification method, device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114584497A (en) | Passive industrial control system asset identification method and device | |
CN110351301B (en) | HTTP request double-layer progressive anomaly detection method | |
CN111833172A (en) | Consumption credit fraud detection method and system based on isolated forest | |
CN111475680A (en) | Method, device, equipment and storage medium for detecting abnormal high-density subgraph | |
CN111798312A (en) | Financial transaction system abnormity identification method based on isolated forest algorithm | |
CN110222791A (en) | Sample labeling information auditing method and device | |
CN109711424B (en) | Behavior rule acquisition method, device and equipment based on decision tree | |
CN114553983B (en) | Deep learning-based high-efficiency industrial control protocol analysis method | |
CN109635564A (en) | A kind of method, apparatus, medium and equipment detecting Brute Force behavior | |
WO2021174812A1 (en) | Data cleaning method and apparatus for profile, and medium and electronic device | |
CN114553591B (en) | Training method of random forest model, abnormal flow detection method and device | |
CN110427375B (en) | Method and device for identifying field type | |
CN113706100B (en) | Real-time detection and identification method and system for Internet of things terminal equipment of power distribution network | |
CN112202718B (en) | XGboost algorithm-based operating system identification method, storage medium and device | |
CN108920677A (en) | Questionnaire method, investigating system and electronic equipment | |
CN113822366A (en) | Service index abnormality detection method and device, electronic equipment and storage medium | |
CN115294615A (en) | Radio frequency fingerprint identification method based on machine learning | |
CN113806343B (en) | Evaluation method and system for Internet of vehicles data quality | |
CN113645182B (en) | Denial of service attack random forest detection method based on secondary feature screening | |
CN111105041B (en) | Machine learning method and device for intelligent data collision | |
CN112199388A (en) | Strange call identification method and device, electronic equipment and storage medium | |
CN111754352A (en) | Method, device, equipment and storage medium for judging correctness of viewpoint statement | |
CN113535458B (en) | Abnormal false alarm processing method and device, storage medium and terminal | |
CN116126807A (en) | Log analysis method and related device | |
CN115622926A (en) | Industrial control protocol reverse analysis method based on network traffic |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20220603 |
|
WW01 | Invention patent application withdrawn after publication |