A technique for bytecode decompilation of PLC program

Programmable logic controllers (PLCs) are the core equipment of industrial control systems (ICS), as they directly monitor and control industrial processes. Recently, ICS has been suffering from various cyber threats, which may lead to significant consequences because of its inherent characteristics. In IT systems, decompilation is a useful method for detecting intrusions or discovering vulnerabilities; however, it has not yet been developed for ICS. In this work, we present a technique to decompile the bytecode of PLC programs. By introducing an instruction template and an operand template, we propose a decompiling framework, which is validated on 11 PLC programs. In the disassembling experiments, the framework covers all instructions with a disassembling accuracy of 100%, which shows that our framework is able to effectively decompile the bytecode of PLC programs.
