
基于数据流分析的网络协议逆向解析技术 (Network protocol reverse parsing technique based on dataflow analysis)

Cited by: 4
Abstract: Reverse parsing of unknown network protocols is important in many network-security applications. Most existing protocol reverse-parsing methods cannot handle encrypted protocols and cannot recover the semantics of protocol fields. To address this, a network protocol parsing technique based on dataflow analysis is proposed and implemented. It relies on a dataflow recording plugin written for the dynamic binary instrumentation platform Pin and on a dataflow tracking technique based on data-dependency analysis; applied to the network protocol used by a program, it recovers the protocol format and the semantics of each protocol field. Experiments show that the technique correctly recovers the protocol format of the program's communication and extracts the program-behaviour semantics corresponding to each field, with good results in particular on encrypted protocols.
Institution: Information Engineering University (信息工程大学)
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University core journal, 2013, No. 5, pp. 1217-1221 (5 pages)
Keywords: dataflow analysis; network protocol reverse engineering; encrypted protocol parsing; dynamic binary instrumentation; protocol field semantics
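The abstract gives the mechanism only in outline: a Pin plugin records which bytes of the received message flow into each instruction's operands, and the analysis then groups those bytes into fields and labels each field by the program behaviour that consumes it. The Python sketch below is an added illustration of that idea; it is not the paper's Pin plugin, which this page does not reproduce. In place of a live Pin trace it replays a hand-constructed instruction trace, and the message layout (2-byte magic, 1-byte type, 1-byte length, XOR-encrypted payload), the instruction addresses, the single-byte XOR key and the `length`/`strlen` event labels are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample message (an assumption for this example, not the paper's data):
# 2-byte magic, 1-byte type, 1-byte payload length, then the payload XOR-"encrypted"
# with the single-byte key KEY.
KEY = 0x5A
PLAINTEXT = b"hello"
MESSAGE = bytes([0xAB, 0xCD, 0x01, len(PLAINTEXT)]) + bytes(b ^ KEY for b in PLAINTEXT)


def decrypt_loop(n):
    """The three static instructions of the program's decryption loop, executed n
    times: a dynamic trace repeats the same instruction addresses once per iteration."""
    events = []
    for i in range(n):
        events += [("0x401040", "load", "al", f"buf+{4 + i}", 1),
                   ("0x401043", "xor", "al", KEY),
                   ("0x401046", "store", f"out+{i}", "al")]
    return events


# Hand-written stand-in for what a Pin data-flow recording plugin would log
# (addresses and event kinds are assumptions made for this example).
TRACE = ([("0x401000", "recv", "buf", len(MESSAGE)),
          ("0x401010", "load", "ax", "buf+0", 2),      # 16-bit magic
          ("0x401013", "cmp", "ax", 0xCDAB),
          ("0x401020", "load", "cl", "buf+2", 1),      # message type
          ("0x401023", "cmp", "cl", 0x01),
          ("0x401030", "load", "dl", "buf+3", 1),      # payload length
          ("0x401033", "length", "dl")]                # dl used as a buffer length
         + decrypt_loop(len(PLAINTEXT))
         + [("0x401060", "call", "strlen", "out")])    # decrypted buffer passed to strlen


class DataflowTracker:
    """Byte-level taint tracking: every register/memory cell carries the set of
    message offsets it depends on, plus the behaviour observed on those offsets."""

    def __init__(self, message):
        self.message = message
        self.value = {}                    # cell -> current integer value
        self.taint = defaultdict(set)      # cell -> message offsets it depends on
        self.loads = defaultdict(set)      # static load address -> offsets it read
        self.semantics = defaultdict(set)  # message offset -> behaviour labels

    @staticmethod
    def cells(mem, width):
        base, off = mem.split("+")
        return [f"{base}+{int(off) + i}" for i in range(width)]

    def run(self, trace):
        for event in trace:
            getattr(self, "op_" + event[1])(*event)
        return self

    def op_recv(self, addr, _op, buf, n):
        # Taint source: byte i of the received message gets the label {i}.
        for i, b in enumerate(self.message[:n]):
            self.value[f"{buf}+{i}"] = b
            self.taint[f"{buf}+{i}"] = {i}

    def op_load(self, addr, _op, reg, mem, width):
        cells = self.cells(mem, width)
        self.value[reg] = sum(self.value[c] << (8 * i) for i, c in enumerate(cells))  # little-endian
        self.taint[reg] = set().union(*(self.taint[c] for c in cells))
        self.loads[addr] |= self.taint[reg]

    def op_xor(self, addr, _op, reg, imm):
        # Taint survives the arithmetic, so decrypted bytes stay linked to wire offsets.
        self.value[reg] ^= imm
        for off in self.taint[reg]:
            self.semantics[off].add(f"xor with constant 0x{imm:02X}")

    def op_store(self, addr, _op, mem, reg):
        self.value[mem] = self.value[reg]
        self.taint[mem] = set(self.taint[reg])

    def op_cmp(self, addr, _op, reg, imm):
        for off in self.taint[reg]:
            self.semantics[off].add(f"compared with constant 0x{imm:X}")

    def op_length(self, addr, _op, reg):
        for off in self.taint[reg]:
            self.semantics[off].add("used as buffer length")

    def op_call(self, addr, _op, fn, base):
        # Message bytes that flowed into the argument buffer inherit the API's meaning.
        for cell, offsets in self.taint.items():
            if cell.startswith(base + "+"):
                for off in offsets:
                    self.semantics[off].add(f"argument to {fn}")

    def fields(self):
        """One field per static load instruction: the contiguous offsets it read."""
        result = []
        for addr, offsets in self.loads.items():
            offsets = sorted(offsets)
            assert offsets == list(range(offsets[0], offsets[-1] + 1))
            result.append({"start": offsets[0], "end": offsets[-1], "load_at": addr,
                           "semantics": set().union(*(self.semantics[o] for o in offsets))})
        return sorted(result, key=lambda f: f["start"])

    def memory(self, base, n):
        return bytes(self.value[f"{base}+{i}"] for i in range(n))


if __name__ == "__main__":
    tracker = DataflowTracker(MESSAGE).run(TRACE)
    for field in tracker.fields():
        print(f"bytes {field['start']}-{field['end']}: {sorted(field['semantics'])}")
    print("recovered payload:", tracker.memory("out", len(PLAINTEXT)))
```

Field boundaries come from the static load instruction that first touches each byte: a loop body executes repeatedly at the same addresses, so the five payload bytes collapse into one field, while header bytes read by distinct instructions stay separate. Because taint follows the bytes through the XOR into the output buffer, the label attached by the later `strlen` call is still tied to the original wire offsets, which is what lets this style of analysis label the fields of an encrypted message rather than stopping at the ciphertext.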
References (14)

  • 1 YING Lingyun (应凌云), YANG Yi (杨轶), FENG Dengguo (冯登国), SU Purui (苏璞睿). A method for syntax and behaviour semantics analysis of malware network protocols [J]. Journal of Software (软件学报), 2011, 22(7): 1676-1689. Cited by: 23
  • 2 WILLEMS C, HOLZ T, FREILING F C. Toward automated dynamic malware analysis using CWSandbox [J]. IEEE Security & Privacy, 2007, 5(2): 32-39. Cited by: 1
  • 3 CUI W D, PEINADO M, CHEN K, et al. Tupni: automatic reverse engineering of input formats [C]// CCS 2008: Proceedings of the 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 391-402. Cited by: 1
  • 4 MA J, LEVCHENKO K, KREIBICH C, et al. Unexpected means of protocol inference [C]// Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement. New York: ACM, 2006: 313-326. Cited by: 1
  • 5 SMALL S, MASON J, MONROSE F, et al. To catch a predator: a natural language approach for eliciting malicious payloads [C]// Security 2008: Proceedings of the 17th USENIX Security Symposium. Berkeley: USENIX Association, 2008: 171-183. Cited by: 1
  • 6 KRUEGEL C, ROBERTSON W, VALEUR F, et al. Static disassembly of obfuscated binaries [C]// Proceedings of the 13th Conference on USENIX Security Symposium. New York: ACM, 2004: 18. Cited by: 1
  • 7 NEWSOME J, SONG D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software [EB/OL]. [2012-10-01]. http://valgrind.org/docs/newsome2005.pdf. Cited by: 1
  • 8 NICHOLAS N. Dynamic binary analysis and instrumentation or building tools is easy [D]. Trinity Lane, Cambridge: University of Cambridge, 2004. Cited by: 1
  • 9 ZHOU Kan (周侃). Detecting overflow attacks based on data flow tracking and library function identification [D]. Shanghai: Shanghai Jiao Tong University, 2011.
  • 10 WANG Zhuo (王卓). Dynamic taint analysis of binary code based on symbolic execution [D]. Shanghai: Shanghai Jiao Tong University, 2010. Cited by: 2

Secondary references (64), i.e. the references of the works cited above

  • 1 Caballero J, Yin Heng, Liang Zhenkai, et al. Polyglot: Automatic Extraction of Protocol Format Using Dynamic Binary Analysis [C]// Proc. of the 14th ACM Conference on Computer and Communications Security. Alexandria, USA: [s.n.], 2007. Cited by: 1
  • 2 Beddoe M. The Protocol Informatics Project [EB/OL]. [2009-08-24]. http://www.4tphi.net/~awalters/PI/PI.Html. Cited by: 1
  • 3 Cui Weidong, Kannan J, Wang H J. Discoverer: Automatic Protocol Reverse Engineering from Network Traces [C]// Proc. of the 16th USENIX Security Symposium. Boston, MA, USA: [s.n.], 2007. Cited by: 1
  • 4 Lin Zhiqiang, Jiang Xuxian, Xu Dongyan, et al. Automatic Protocol Format Reverse Engineering Through Context-aware Monitored Execution [C]// Proc. of the 15th Symposium on Network and Distributed System Security. San Diego, California, USA: [s.n.], 2008. Cited by: 1
  • 5 Cui Weidong, Peinado M, Chen K, et al. Tupni: Automatic Reverse Engineering of Input Formats [C]// Proc. of ACM Conference on Computer and Communications Security. Alexandria, VA, USA: [s.n.], 2008. Cited by: 1
  • 6 Wondracek G, Comparetti P M, Kruegel C, et al. Automatic Network Protocol Analysis [C]// Proc. of the 15th Annual Network and Distributed System Security Symposium. San Diego, California, USA: [s.n.], 2008. Cited by: 1
  • 7 Bruening D L. Efficient, Transparent, and Comprehensive Runtime Code Manipulation [D]. Cambridge, USA: Massachusetts Institute of Technology, 2004. Cited by: 1
  • 8 CABALLERO J, POOSANKAM P, KREIBICH C, et al. Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering [C]// Proc. of ACM Conference on Computer and Communications Security. 2009: 621-634. Cited by: 1
  • 9 LEITA C, DACIER M, MASSICOTTE F. Automatic handling of protocol dependencies and reaction to 0-day attacks with ScriptGen-based honeypots [C]// Proc. of Symposium on Recent Advances in Intrusion Detection. 2006: 185-205. Cited by: 1
  • 10 DREGER H, FELDMANN A, MAI M, et al. Dynamic application-layer protocol analysis for network intrusion detection [C]// Proc. of the 15th USENIX Security Symposium. 2006: 257-272. Cited by: 1

Works sharing references with this paper (bibliographic coupling): 48
Works co-cited with this paper: 36
Citing works: 4
Second-level citing works: 7
