Prospex: Protocol Specification Extraction

Authors: Paolo Milani Comparetti, Gilbert Wondracek, Christopher Kruegel, Engin Kirda

DOI: 10.1109/SP.2009.14

Keywords:

Abstract: Protocol reverse engineering is the process of extracting application-level specifications for network protocols. Such specifications are very useful in a number of security-related contexts, for example, to perform deep packet inspection and black-box fuzzing, or to quickly understand custom botnet command and control (C&C) channels. Since manual reverse engineering is a time-consuming and tedious process, systems have been proposed that aim to automate this task. These systems either analyze network traffic directly or monitor the execution of the application that receives the protocol messages. While previous systems show that precise message formats can be extracted automatically, they do not provide a protocol specification. The reason is that they do not reverse engineer the protocol state machine. In this paper, we focus on closing this gap by presenting a system that is capable of automatically inferring state machines. This greatly enhances the results of automatic protocol reverse engineering, while further reducing the need for human interaction. We extend previous work that focuses on behavior-based message format extraction, and introduce techniques for identifying and clustering different types of messages not only based on their structure, but also according to the impact of each message on server behavior. Moreover, we present an algorithm for extracting the state machine. We applied our techniques to real-world protocols, including the one used by a malicious bot. Our results demonstrate that we are able to extract meaningful specifications. We use these to generate input for a stateful fuzzer, allowing us to discover security vulnerabilities in real-world applications.
