A sparse protocol parsing method for IIoT protocols based on HMM hybrid model

As the intelligentization of Industrial Internet of Things (IIoT) broke the relatively closed and credible industrial environment, IIoT faces increasingly serious security problems. The commonly used vulnerability discovery method is protocol reverse engineering. However, it is difficult to analyze IIoT protocols with existing protocol reverse engineering approaches, as they influence the normal operation or have spare sample data. In this paper, a sparse protocol parsing method for IIoT protocols is proposed. The parsing method expands the samples of the captured IIoT protocol message sequences using a genetic algorithm (GA), which designs its fitness function based on the protocol response data to select high-quality samples. By combining the GA with the hidden Markov model (HMM) with lower algorithm complexity, a hybrid parsing model is constructed to improve accuracy in a gradual evolution way. Through comparison experiments on various IIoT protocols, our HMM hybrid model has better performance than RNN hybrid models under sparse samples.