Position-based automatic reverse engineering of network protocols

Authors: Jian-Zhen Luo, Shun-Zheng Yu

DOI: 10.1016/J.JNCA.2013.01.013

Keywords:

Abstract: Automatic protocol reverse engineering is a process of extracting protocol message formats and protocol state machines without access to the specification of the target protocol. Protocol reverse engineering is useful for addressing many problems of network management and network security, such as network management, honey-pot systems, intrusion detection, Botnet detection and prevention, and so on. Currently, protocol reverse engineering is mainly a manual and painstaking process, which is time-consuming and error-prone. In this paper, we present a novel approach for automatic reverse engineering of application-layer network protocols. We extract protocol keywords from network traces based on their support rates and variances of positions, reconstruct message formats, and infer protocol state machines. We implement our approach in a prototype system called AutoReEngine and evaluate it over four text-based protocols (HTTP, POP3, SMTP and FTP) and two binary protocols (DNS and NetBIOS). The results show that our approach outperforms existing algorithms.

References (19)
Xuxian Jiang, Dongyan Xu, Zhiqiang Lin, Xiangyu Zhang. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. Network and Distributed System Security Symposium (2008).
Ramakrishnan Srikant, Rakesh Agrawal. Fast algorithms for mining association rules. Very Large Data Bases, pp. 580-592 (1998).
Vern Paxson, Weidong Cui, Nicholas Weaver, Randy H. Katz. Protocol-Independent Adaptive Replay of Application Dialog. Network and Distributed System Security Symposium (2006).
Niels Provos. A virtual honeypot framework. USENIX Security Symposium, pp. 1-1 (2004).
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). DOI: 10.1016/S1389-1286(99)00112-7
Weidong Cui, Helen J. Wang, Jayanthkumar Kannan. Discoverer: automatic protocol reverse engineering from network traces. USENIX Security Symposium, pp. 14- (2007).
Yu Wang, Yang Xiang, Wanlei Zhou, Shunzheng Yu. Generating regular expression signatures for network traffic classification in trusted network management. Journal of Network and Computer Applications, vol. 35, pp. 992-1000 (2012). DOI: 10.1016/J.JNCA.2011.03.017
Juan Caballero, Heng Yin, Zhenkai Liang, Dawn Song. Polyglot: automatic extraction of protocol message format using dynamic binary analysis. Computer and Communications Security, pp. 317-329 (2007). DOI: 10.1145/1315245.1315286
Saul B. Needleman, Christian D. Wunsch. A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of Molecular Biology, vol. 48, pp. 443-453 (1970). DOI: 10.1016/0022-2836(70)90057-4
Fatemeh Amiri, MohammadMahdi Rezaei Yousefi, Caro Lucas, Azadeh Shakery, Nasser Yazdani. Mutual information-based feature selection for intrusion detection systems. Journal of Network and Computer Applications, vol. 34, pp. 1184-1199 (2011). DOI: 10.1016/J.JNCA.2011.01.002