| Issue |
Security and Safety
Volume 4, 2025
Security and Safety for Next Generation Industrial Systems
|
|
|---|---|---|
| Article Number | 2025012 | |
| Number of page(s) | 37 | |
| Section | Industrial Control | |
| DOI | https://doi.org/10.1051/sands/2025012 | |
| Published online | 28 October 2025 | |
Review
Reverse engineering of industrial control protocol: A survey
1
State Key Laboratory of Public Big Data, School of Computer Science and Technology, Guizhou University, Guiyang, 550025, China
2
College of Control Science and Engineering, Zhejiang University, Zhejiang, 310027, China
* Corresponding authors (email: This email address is being protected from spambots. You need JavaScript enabled to view it.
)
Received:
11
April
2025
Revised:
7
June
2025
Accepted:
12
September
2025
Abstract
Industrial control systems (ICSs) are designed for monitoring and controlling industrial processes, enabling the automation and management of critical sectors such as production, manufacturing, and power system through electronic devices and communication infrastructure. Industrial control protocols (ICPs) refer to the standardized rules and formats used for communication. Protocol reverse engineering (PRE) refers to the process of inferring the structure, semantics, and behavior of a communication protocol in the absence of official specifications or documentation. Given the prevalence of proprietary protocols in ICS and the limited formal documentation, PRE is an important method for understanding and managing protocol behavior in complex heterogeneous industrial environments. Over the past decades, ICSs have typically operated within isolated and closed network environments, where many protocol specifications remained proprietary and unknown, thereby hindering the evaluation of protocol security. This limitation has driven the development of reverse engineering approaches for ICPs. To systematically summarize the current research results and development of ICP reverse engineering, we build a complete technical framework about typical objectives of protocol reverse engineering. The existing methods are summarized in seven aspects, including data acquisition, message clustering, field division, key field identification, field semantic derivation, state machine modeling, and application. The common problems and limitations are discussed, and finally, combined with future implementation needs, we propose several research directions worthy of attention.
Key words: Industrial Control Systems / Cybersecurity / Protocol Reverse Engineering
Citation: Wu Y, Zhang Z, Hetu Z, Cheng X and Cheng P. Reverse engineering of industrial control protocol: A survey. Security and Safety 2025; 4: 2025012. https://doi.org/10.1051/sands/2025012
© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.