Heuristics-based protocol labeling for industrial control systems
US9384066B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 27, 2013 |
| Grant date | Jul 5, 2016 |
| Priority date | — |
| Expiry date | Dec 27, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F11/0709
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method for learning aspects of messages in an industrial control system is provided. The method includes obtaining a plurality of messages. The method includes starting at a first message field, proceeding via recursion to each next message field, and identifying message values at that message field as constant when constant in messages in a group, as random when random in messages in a group, as length when expressive of a shared length of messages in a group, as opcode when correlated with a shared structure of messages in a group, and otherwise as parameter. The method includes subdividing message groups into subgroups according to the identified message values at that message field, with the recursion applied to each subgroup. A method and system for monitoring messages in an industrial control system is provided.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.