Protocol Formats Reverse Engineering Based on Association Rules in Wireless Environment
作者: Yong Wang , Nan Zhang , Yan-mei Wu , Bin-bin Su , Yong-jian Liao
关键词:
摘要: With the wide deployment of wireless networks, attackers may exploit Wi-Fi network vulnerabilities to transfer data secretly, or covert communication channels spread malicious codes. The protocol formats reverse engineering technique can be used detect such attacks, however, previous works are focused on application layer analysis, and hardly work under scenarios that captured is only in binary format due lack semantics. In this paper, we propose a novel framework, which utilizes association rules feature sequences identify unknown protocols from data. We first convert into bit stream, segment it frames. improved AC algorithm adopted analyze sequences. After which, extract their potential protocols. experimental results show our framework 100% ARP packets 98% ICMP
sci-hub.se 参考文章(15)
Xuxian Jiang, Dongyan Xu, Zhiqiang Lin, Xiangyu Zhang, Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. network and distributed system security symposium. ,(2008)
A. Blumer, J. Blumer, D. Haussler, A. Ehrenfeucht, M.T. Chen, J. Seiferas, THE SMALLEST AUTOMATON RECOGNIZING THE SUBWORDS OF A TEXT Theoretical Computer Science. ,vol. 40, pp. 31- 55 ,(1985) , 10.1016/0304-3975(85)90157-4
Patrick A. V. Hall, Geoff R. Dowling, Approximate String Matching ACM Computing Surveys. ,vol. 12, pp. 381- 402 ,(1980) , 10.1145/356827.356830
Juan Caballero, Heng Yin, Zhenkai Liang, Dawn Song, Polyglot: automatic extraction of protocol message format using dynamic binary analysis computer and communications security. pp. 317- 329 ,(2007) , 10.1145/1315245.1315286
Yipeng Wang, Xiaochun Yun, M. Zubair Shafiq, Liyan Wang, Alex X. Liu, Zhibin Zhang, Danfeng Yao, Yongzheng Zhang, Li Guo, A semantics aware approach to automated reverse engineering unknown protocols international conference on network protocols. pp. 1- 10 ,(2012) , 10.1109/ICNP.2012.6459963
Yipeng Wang, Xingjian Li, Jiao Meng, Yong Zhao, Zhibin Zhang, Li Guo, Biprominer: Automatic Mining of Binary Protocol Features parallel and distributed computing: applications and technologies. pp. 179- 184 ,(2011) , 10.1109/PDCAT.2011.25
Alfred V. Aho, Margaret J. Corasick, Efficient string matching: an aid to bibliographic search Communications of The ACM. ,vol. 18, pp. 333- 340 ,(1975) , 10.1145/360825.360855
W.I. Chang, E.L. Lawler, Approximate string matching in sublinear expected time foundations of computer science. pp. 116- 124 ,(1990) , 10.1109/FSCS.1990.89530
Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, Engin Kirda, Prospex: Protocol Specification Extraction ieee symposium on security and privacy. pp. 110- 125 ,(2009) , 10.1109/SP.2009.14
James Newsome, David Brumley, Jason Franklin, Dawn Song, Replayer Proceedings of the 13th ACM conference on Computer and communications security - CCS '06. pp. 311- 321 ,(2006) , 10.1145/1180405.1180444