Analyze Network Protocol's Hidden Behavior

Authors: Yanjing Hu, Liaojun Pang, Qingqi Pei, Xu An Wang

DOI: 10.1109/3PGCIC.2015.68

Abstract: Unknown protocol's hidden behavior is becoming a new challenge in network security. This paper takes the captured messages and binary code that implement protocol both as studied object. Dynamic Taint Analysis combined with Static used for analyzing. Firstly, monitor analyze process of program parses message virtual platform HiddenDisc prototype system developed by ourselves, record public behavior, then based on our proposed Hidden Behavior Perception Mining algorithm, static trigger conditions instruction sequences. According to conditions, sensitive information are generated, behaviors executed dynamic triggering. can sense, analysis behaviors. statistical results, we propose evaluation method Protocol Execution Security. The experimental results show present accurately mining behaviors, evaluate unknown execution
