Protection of industrial control systems (ICS) poses many challenges. Industrial control systems use an extensive variety of protocols, many proprietary, in network communication among devices of the control system. Many solutions for the protection of industrial control systems rely on direct knowledge of protocol formats. These solutions are typically not generalizable to proprietary protocols, except with a large amount of custom reworking. Protocol parsers with built-in programming for specific protocols fail in the face of unfamiliar or new protocols. Many vendors are not eager to share details on their protocols, and licensing contracts with vendors often include clauses aimed at preventing reverse engineering of the protocols. Protocol-aware approaches are thus generally costly and based on reverse engineering, and are not readily upgradable in situations involving addition of proprietary protocols. An alternative venue to protocol-aware approaches consists in protocol learning, a set of techniques that have been investigated in the research world as a way to infer the protocol formats in a fully or partially automated way. Protocol learning often relies on alignment techniques, but attempts to align messages, by looking for or inserting gaps within the message payloads in order to maximize byte-wise alignment, often fail in industrial control systems. This is because many of these industrial control systems have messages with binary protocols that lack recurring numbers of fixed bytes, e.g. spaces, used as separators in the message. As a result of these and other factors, many industrial control systems are left without or with only minimal protection against cyber-attacks or other forms of sabotage. It is within this context that the embodiments arise.