Automatic Network Protocol Automaton Extraction

Authors: Ming-Ming Xiao, Shun-Zheng Yu, Yu Wang

DOI: 10.1109/NSS.2009.71

Keywords:

Abstract: Protocol reverse engineering, the process of (re)constructing the protocol context of communication sessions from an implementation, which involves translating a sequence of packets into messages, grouping them into sessions, and modeling the state transitions in a state machine, is well known to be invaluable for many network security applications, including intrusion prevention and detection, traffic normalization, penetration testing, etc. However, current practice in deriving protocol specifications is either mostly manual or focused on automatic reverse engineering of the message format only, leaving the inverse engineering of the state machine undone. Although regular expressions offer superior expressive ability and flexibility, application protocols are described by regular expressions written manually, which presupposes a sufficient understanding of the protocol itself. At present there is no effective method to realize classification, recognition and control automatically, for known applications or for unknown future ones. In this paper a novel approach is presented to model the protocol specification. In this work, the whole task is realized by first accomplishing the state machine; the FSMs are then translated into corresponding regular expressions to enrich and update the pattern database. The approach uses grammatical inference, motivated by the observation that a protocol implementation is inherently a state-transition process, which is exactly the essence of a grammar. Its important significance is that various protocols, known and unknown ones alike, can be described with a common state-transition model. The approach has been implemented in a system and evaluated using real-world implementations of three different protocols, HTTP, SMTP and FTP, and the extracted regular expressions were compared with those of other newly developed systems, such as l7-filter.
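The pipeline the abstract sketches (traces → state machine by grammatical inference → regular expression for a pattern database) can be shown end to end on a toy scale. The block below is an added example by the editor, not the paper's system or code: the SMTP-like command sequences are constructed, a textbook k-tails state merge stands in for the paper's grammatical-inference step (the paper's own inference algorithm is not described on this page), and the regex is produced by state elimination. Every name in it (build_pta, merge_k_tails, fsm_to_regex, extract, the k parameter) is an assumption of this example.

```python
"""Added example: infer a protocol automaton from message-type sequences and
turn it into a regular expression. Editor's toy, not the paper's method."""
import re

# Constructed SMTP-like sessions (not real captures): the client command verbs
# of each session, in order. These are the "traces" the inference learns from.
SESSIONS = [
    ["HELO", "MAIL", "RCPT", "DATA", "QUIT"],
    ["EHLO", "MAIL", "RCPT", "RCPT", "DATA", "QUIT"],
    ["HELO", "MAIL", "RCPT", "DATA", "MAIL", "RCPT", "DATA", "QUIT"],
    ["EHLO", "QUIT"],
]


def build_pta(sessions):
    """Prefix tree acceptor: state 0 is the root, one branch per distinct prefix.
    Returns (delta, accepting) with delta[(state, symbol)] = next_state."""
    delta, accepting, fresh = {}, set(), 1
    for session in sessions:
        q = 0
        for sym in session:
            if (q, sym) not in delta:
                delta[(q, sym)] = fresh
                fresh += 1
            q = delta[(q, sym)]
        accepting.add(q)
    return delta, accepting


def k_tails(delta, accepting, q, k):
    """Signature of state q: every (path, is_accepting) reachable in <= k steps."""
    tails, frontier = set(), [(q, ())]
    while frontier:
        state, path = frontier.pop()
        tails.add((path, state in accepting))
        if len(path) < k:
            for (p, sym), t in delta.items():
                if p == state:
                    frontier.append((t, path + (sym,)))
    return frozenset(tails)


def merge_k_tails(delta, accepting, k=2):
    """Grammatical-inference step (k-tails, Biermann-Feldman style): PTA states
    with identical k-tails are assumed to be the same protocol state and merged.
    The result may be an NFA; the regex conversion below copes with that."""
    states = sorted({0} | set(delta.values()))
    sig = {q: k_tails(delta, accepting, q, k) for q in states}
    rep = {q: next(p for p in states if sig[p] == sig[q]) for q in states}
    edges = {(rep[p], sym, rep[q]) for (p, sym), q in delta.items()}
    return edges, {rep[q] for q in accepting}


def accepts(edges, accepting, seq, start=0):
    """NFA simulation: does the inferred automaton accept this session?"""
    current = {start}
    for sym in seq:
        current = {q for p, s, q in edges if p in current and s == sym}
        if not current:
            return False
    return bool(current & accepting)


def _union(a, b):
    if a is None:
        return b
    if b is None or a == b:
        return a
    return f"(?:{a}|{b})"


def fsm_to_regex(edges, accepting, start=0):
    """State elimination (Brzozowski-McCluskey). Each symbol becomes the token
    plus a trailing space, so the regex runs over encode(seq) strings."""
    S, F = "S", "F"                      # fresh start/final, epsilon-linked
    R = {(S, start): ""}
    for q in accepting:
        R[(q, F)] = ""
    for p, sym, q in edges:
        R[(p, q)] = _union(R.get((p, q)), re.escape(sym) + " ")
    states = {p for p, _, _ in edges} | {q for _, _, q in edges} | accepting | {start}
    for q in sorted(states):             # eliminate one state at a time
        loop = R.pop((q, q), None)
        loop = f"(?:{loop})*" if loop else ""
        ins = [(p, e) for (p, t), e in R.items() if t == q]
        outs = [(r, e) for (s, r), e in R.items() if s == q]
        for p, e_in in ins:
            for r, e_out in outs:
                R[(p, r)] = _union(R.get((p, r)), e_in + loop + e_out)
        for p, _ in ins:
            del R[(p, q)]
        for r, _ in outs:
            del R[(q, r)]
    return R.get((S, F), "(?!)")         # "(?!)" never matches: empty language


def encode(seq):
    return "".join(tok + " " for tok in seq)


def matches(regex, seq):
    """Classify a session with the extracted regex (what a pattern DB would do)."""
    return re.fullmatch(regex, encode(seq)) is not None


def extract(sessions, k=2):
    """Full pipeline: traces -> PTA -> merged FSM -> regex for the pattern DB."""
    edges, accepting = merge_k_tails(*build_pta(sessions), k=k)
    return edges, accepting, fsm_to_regex(edges, accepting)


if __name__ == "__main__":
    edges, acc, regex = extract(SESSIONS)
    print(len(edges), "transitions;", regex)
```

The point a practitioner should take from running it: the merge generalizes beyond the traces (the inferred automaton accepts EHLO MAIL RCPT DATA QUIT, which never appears in SESSIONS), which is what makes the regex usable on unseen sessions but is also the source of classifier false positives; k is the knob, smaller k merges more aggressively. Whether a trace without a greeting (MAIL RCPT DATA QUIT) is rejected is a cheap sanity check on any extracted pattern before it goes into an l7-filter-style database.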

References (21)
H. Rulot, E. Vidal. An efficient algorithm for the inference of circuit-free automata. Syntactic and Structural Pattern Recognition, pp. 173-184 (1988). doi:10.1007/978-3-642-83462-2_11
Jacques Chodorowski, Laurent Miclet. Applying Grammatical Inference in Learning a Language Model for Oral Dialogue. International Colloquium on Grammatical Inference (ICGI), pp. 102-113 (1998). doi:10.1007/BFB0054068
Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, Xiangyu Zhang. Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. Network and Distributed System Security Symposium (NDSS) (2008).
Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman. Compilers: Principles, Techniques, and Tools (1986).
Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, Mendel Rosenblum. Understanding Data Lifetime via Whole System Simulation. USENIX Security Symposium (2004).
Weidong Cui, Jayanthkumar Kannan, Helen J. Wang. Discoverer: Automatic Protocol Reverse Engineering from Network Traces. USENIX Security Symposium (2007).
H. Rulot, N. Prieto, E. Vidal. Learning accurate finite-state structural models of words through the ECGI algorithm. International Conference on Acoustics, Speech, and Signal Processing (ICASSP), pp. 643-646 (1989). doi:10.1109/ICASSP.1989.266509
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation Systems Administration Conference (LISA), pp. 229-238 (1999).
Pedro P. Cruz-Alcázar, Enrique Vidal-Ruiz. Learning Regular Grammars to Model Musical Style: Comparing Different Coding Schemes. International Colloquium on Grammatical Inference (ICGI), pp. 211-222 (1998). doi:10.1007/BFB0054077