Analysis of the network protocol syntax based on similarity matching

被引：0

作者：

Guo L. ^{[1
]}

Luo S.-L. ^{[1
]}

Pan L.-M. ^{[1
]}

机构：

[1] Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing

来源：

Pan, Li-Min (panlimin@bit.edu.cn) | 1600年 / Beijing Institute of Technology卷 / 36期

关键词：

Analysis of the network protocol syntax; Protocol reverse; Similarity matching;

D O I：

10.15918/j.tbit1001-0645.2016.05.015

中图分类号：

学科分类号：

摘要：

To solve the problems in analysis of the network protocol syntax, which are rely on human intervention, low efficiency and narrow scope, a method was proposed for analysis of network protocol syntax based on similarity matching. The main process of the method include collecting the raw packets by network sniffer, and then preprocessing the packets, using a variety of methods for 9 features extraction, establishing a network protocol syntax analysis model based on similarity matching method, to analyze the syntax feature of network protocol. Taking the TCP protocol as a known protocol, experiments were actualized with different types of protocols as UDP, DNS and QQ. The results show that in the three types of protocol header, more than 33% of the correct similar syntax fields can be found in TCP protocol, and the average accuracy rate was over 96%, the process needs not manual intervention, it can improve the analysis efficiency, reduce the constraints, expand the scope of the analysis, and analyze the network protocol syntax more effectively. © 2016, Beijing Institute of Technology. All right reserved.

引用

页码：520 / 523

页数：3

共 8 条

[1] Caballero J., Poosankam P., Kreibich C., Dispatcher: Enabling active botnet infiltration using automatic protocol reverse engineering, Proceedings of the ACM Conference on Computer and Communications Security, pp. 621-634, (2009)
[2] Comparetti P.M., Wondracek G., Kruegel C., Prospex Protocol specification extraction, Proceedings of 2009 30th IEEE Symposium on Security and Privacy (SP), pp. 110-125, (2009)
[3] Brumley D., Caballero J., Liang Z., Towards automatic discovery of deviations in binaryimplementations with applications to error detection and fingerprint generation, 16th USENIX Security Symposium, pp. 213-228, (2007)
[4] Pan F., Wu L., Du Y., Et al., Overviews on protocol reverse engineering, Application Research of Computers, 28, 8, pp. 2801-2806, (2011)
[5] Beddoe M., Protocd information project
[6] Cui W., Paxson V., Weaver N.C., Discoverer: Automatic protocol reverse engineering from network traces, 16th USENIX Security Symposium, (2008)
[7] Antunes J., Neves N., Verissimo P., Reverse engineering of protocols from network traces, 18th Working Conference on Reverse Engineering, pp. 169-178, (2011)
[8] Ying L., Yang Y., Feng D., Et al., Syntax and behavior semantics analysis of network protocol of malware, Journal of Software, 22, 7, pp. 1676-1689, (2011)

← 1 →