Dynamic Combined with Static Analysis for Mining Network Protocol's Hidden Behavior

Authors: Yanjing Hu, Qingqi Pei

DOI: 10.4018/IJBDCN.2017070101

Keywords:

Abstract: The hidden behavior of unknown protocols is becoming a new challenge in network security. This paper takes both the captured messages and the binary code that implements the protocol as the objects of study, and applies Dynamic Taint Analysis combined with Static Analysis to protocol analysis. First, the process by which the protocol program parses a message is monitored and analyzed on the virtual platform of the HiddenDisc prototype system developed by the authors, and the protocol's public behavior is recorded; then, using the authors' proposed Hidden Behavior Perception and Mining algorithm, the trigger conditions and instruction sequences of the protocol's hidden behavior are analyzed statically. According to the hidden behavior trigger conditions, new protocol messages carrying the sensitive information are generated, and the hidden behaviors are executed by dynamic triggering. The HiddenDisc prototype system can sense, trigger and analyze a protocol's hidden behaviors. Based on the statistical analysis results, the authors propose an evaluation method for Protocol Execution Security. The experimental results show that the proposed method can accurately mine a protocol's hidden behaviors and can evaluate an unknown protocol's execution security.
