Bit-oriented format extraction approach for automatic binary protocol reverse engineering

Authors: Siyu Tao, Hongyi Yu, Qing Li

DOI: 10.1049/IET-COM.2015.0797

Keywords:

Abstract: Protocol message format extraction is a principal process of automatic network protocol reverse engineering when target specifications are not available. However, binary protocols have become a new challenge in recent years for approaches that traditionally have dealt with text-based protocols rather than binary protocols. In this study, the authors propose a novel approach called PRE-Bin that automatically extracts binary-type fields based on fine-grained bits. First, the silhouette coefficient is introduced into hierarchical clustering to confirm the optimal number of frame clusters. Second, a modified multiple sequence alignment algorithm, in which the matching and back-tracing rules are redesigned, is also proposed to analyse field features. Finally, a Bayes decision model is invoked to describe the features and determine bit-oriented field boundaries. The maximum a posteriori criterion is leveraged to complete the estimation. The authors implemented a prototype system to infer the specification from actual traffic traces. Experimental results indicate that PRE-Bin effectively outperforms existing algorithms.
