ICEPRE: ICS protocol reverse engineering via data-driven concolic execution
With the advancement of digital transformation, Industrial Control Systems (ICS) are becoming increasingly open and intelligent. However, inherent vulnerabilities in ICS protocols pose significant security threats to devices and systems. The proprietary nature of ICS protocols complicates the security analysis and deployment of protective mechanisms for ICS. Protocol reverse engineering aims to infer the syntax, semantics, and state machines of protocols in the absence of official specifications. Traditional protocol reverse engineering tools face considerable limitations due to the lack of executable environments, incomplete inference strategies, and low-quality network traffic. In this paper, we present ICEPRE, a novel data-driven protocol reverse engineering method based on concolic execution, which uniquely integrates network traces with static analysis. Unlike conventional methods that rely on executable environments, ICEPRE statically tracks the program’s parsing process for specific input messages. Furthermore, we employ an innovative field boundary inference strategy to infer the protocol’s syntax by analyzing how the protocol parser handles different fields. Our evaluation demonstrates that ICEPRE significantly outperforms previous protocol reverse engineering tools in field boundary inference, achieving an F1 score of 0.76 and a perfection score of 0.67, while DynPRE, BinaryInferno, Nemesys, and Netzob yield (0.65, 0.35), (0.42, 0.14), (0.39, 0.09), and (0.27, 0.10), respectively. These results underscore the superior overall performance of our method. Additionally, ICEPRE exhibits exceptional performance with proprietary protocols in real-world scenarios, highlighting its practical applicability in downstream applications.
Wed 25 Jun (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
11:00 - 12:15
11:00 | 25m Talk | Beyond Static Pattern Matching? Rethinking Automatic Cryptographic API Misuse Detection in the Era of LLMs | Research Papers | Yifan Xia, Zichen Xie (Zhejiang University, China), Peiyu Liu (Zhejiang University), Kangjie Lu (University of Minnesota), Yan Liu (Ant Group), Wenhai Wang (Zhejiang University), Shouling Ji (Zhejiang University)
11:25 | 25m Talk | Pepper: Preference-Aware Active Trapping for Ransomware | Research Papers | Huan Zhang (Institute of Information Engineering, Chinese Academy of Sciences), Zhengkai Qin (Institute of Information Engineering, Chinese Academy of Sciences), Lixin Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Aimin Yu (Institute of Information Engineering, Chinese Academy of Sciences), Lijun Cai (Institute of Information Engineering, Chinese Academy of Sciences), Dan Meng (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences)
11:50 | 25m Talk | ICEPRE: ICS protocol reverse engineering via data-driven concolic execution | Research Papers | Yibo Qu (Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Dongliang Fang (Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Zhen Wang (Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Jiaxing Cheng (Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Shuaizong Si (Beijing Key Laboratory of IoT Information Security Technology, Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China), Yongle Chen (Taiyuan University of Technology, China), Limin Sun (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences)
Aurora B is the second room in the Aurora wing.
When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.