Annual Computer Security Applications Conference (ACSAC) 2023

SePanner: Analyzing Semantics of Controller Variables in Industrial Control Systems based on Network Traffic

Programmable logic controllers (PLCs), essential components of critical infrastructure, play a crucial role in many industrial manufacturing processes. Recent attacks show that adversaries have a strong interest in tampering with controller variables such as the device status and the internal program logic. A typical attack strategy is simply to send crafted industrial control protocol (ICP) traffic that changes the controller variables of the PLC. To defend against this, many countermeasures have been proposed that detect anomalies in network traffic based on semantic analysis.

However, the proprietary nature of ICPs makes it hard to extract the semantics needed to evaluate controller variables. In this paper, we propose a novel framework named SePanner that extracts the semantics of controller variables from proprietary ICPs based on network traffic. Specifically, SePanner first performs a multi-state comparison to locate the candidate semantic fields directly, then removes the interfering fields through a single-state comparison and filtering criteria. Our experiments demonstrate that SePanner precisely extracts the semantics of controller variables from proprietary ICPs, providing protection for PLCs while remaining compatible with a range of proprietary binary protocols.
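The comparison idea described above can be illustrated on constructed traffic. The following is an added example, not code from the SePanner paper or its authors: it assumes a hypothetical, loosely Modbus-like write packet layout (transaction counter, session id, fixed header, a status byte, and a per-packet tick), several captures per controller state, and an illustrative filtering criterion (a field must take one value per state across all captures of that state) that stands in for whatever criteria the paper actually uses.

```python
"""Toy multi-state / single-state comparison over constructed PLC traffic.

Not SePanner's implementation. It shows how contrasting traffic captured
under different controller states isolates the bytes that encode state,
and why counters, ticks and session ids must be filtered out afterwards.
"""
from itertools import combinations, product

# Constructed packet layout (hypothetical protocol, assumption for this example):
#   0-1  transaction id   (counter, changes every packet)
#   2-5  fixed header bytes and length (constant)
#   6    session id       (changes whenever the client reconnects)
#   7    unit id, 8 function code (constant)
#   9    controller status  <- the semantic field we want to recover
#   10   controller tick    (changes every packet)
def build_packet(tid, session, status, tick):
    return bytes([tid >> 8, tid & 0xFF, 0x00, 0x00, 0x00, 0x06,
                  session, 0x01, 0x10, status, tick & 0xFF])

# CAPTURES[state] is a list of captures; each capture is the list of packets
# recorded over one connection while the PLC was held in that state.
CAPTURES = {
    "RUN": [
        [build_packet(t, 0xA1, 0x01, 10 * t) for t in (1, 2, 3)],
        [build_packet(t, 0xB2, 0x01, 10 * t + 30) for t in (1, 2, 3)],
    ],
    "STOP": [
        [build_packet(t, 0xC3, 0x00, 10 * t + 60) for t in (1, 2, 3)],
        [build_packet(t, 0xD4, 0x00, 10 * t + 90) for t in (4, 5, 6)],
    ],
}


def differing_offsets(a, b):
    """Byte offsets at which two equal-length packets differ."""
    return {i for i, (x, y) in enumerate(zip(a, b)) if x != y}


def multi_state_candidates(captures):
    """Multi-state comparison: offsets that differ between any two packets
    captured under different controller states. Over-approximates, because
    counters and ticks differ across states too."""
    cand = set()
    for s1, s2 in combinations(captures, 2):
        p1 = [p for cap in captures[s1] for p in cap]
        p2 = [p for cap in captures[s2] for p in cap]
        for a, b in product(p1, p2):
            cand |= differing_offsets(a, b)
    return cand


def single_state_noise(captures):
    """Single-state comparison: offsets that change between packets of one
    capture while the state is held fixed (transaction ids, ticks)."""
    noise = set()
    for caps in captures.values():
        for cap in caps:
            for a, b in combinations(cap, 2):
                noise |= differing_offsets(a, b)
    return noise


def state_consistent(captures, offset):
    """Illustrative filtering criterion: the byte must be a function of state
    alone, i.e. identical across every capture of a state and distinct between
    states. Rejects per-connection session ids that survive the two
    comparisons above. Returns {state: value} or None."""
    per_state = {}
    for state, caps in captures.items():
        values = {p[offset] for cap in caps for p in cap}
        if len(values) != 1:
            return None
        per_state[state] = values.pop()
    distinct = len(set(per_state.values())) == len(per_state)
    return per_state if distinct else None


def locate_semantic_fields(captures):
    """Candidates from the multi-state comparison, minus intra-state noise,
    then the consistency filter. Returns {offset: {state: value}}."""
    result = {}
    remaining = multi_state_candidates(captures) - single_state_noise(captures)
    for off in sorted(remaining):
        mapping = state_consistent(captures, off)
        if mapping is not None:
            result[off] = mapping
    return result


if __name__ == "__main__":
    print("multi-state candidates:", sorted(multi_state_candidates(CAPTURES)))
    print("single-state noise:   ", sorted(single_state_noise(CAPTURES)))
    print("semantic fields:      ", locate_semantic_fields(CAPTURES))
```

On this input the multi-state comparison flags the transaction counter, session id, status byte and tick; the single-state comparison strips the counter and tick; the consistency filter strips the session id, which is constant within a connection but not tied to the controller state. Only the status byte at offset 9 survives, mapped to RUN = 0x01 and STOP = 0x00. Real protocols add multi-byte fields, checksums and fields that depend on several variables at once, so a practical tool needs more than this one filter.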

Jie Meng
College of Control Science and Engineering, Zhejiang University

Zeyu Yang
College of Control Science and Engineering, Zhejiang University

Zhenyong Zhang
State Key Laboratory of Public Big Data and College of Computer Science and Technology, Guizhou University, Guiyang 550025, China

Yangyang Geng
Information Engineering University

Ruilong Deng
College of Control Science and Engineering, Zhejiang University

Peng Cheng
College of Control Science and Engineering, Zhejiang University

Jiming Chen
College of Control Science and Engineering, Zhejiang University

Jianying Zhou
Singapore University of Technology and Design

Paper (ACM DL)

Slides