
Protocol Format Extraction Based on an Improved CFSM Algorithm (Cited by: 2)

Abstract: As information technology develops rapidly, many network applications appear whose communication protocols are unknown. Although many protocol reverse engineering methods based on protocol keyword recognition have been proposed, most of the keyword recognition algorithms are time-consuming. This paper first uses the traffic clustering method F-DBSCAN to cluster the unknown protocol traffic. Then an improved CFSM (Closed Frequent Sequence Mining) algorithm is used to mine closed frequent sequences from the messages and identify protocol keywords. Finally, the CFGM (Closed Frequent Group Mining) algorithm is proposed to explore the parallel, sequential and hierarchical relations between the protocol keywords and obtain accurate protocol message formats. Experimental results show that the proposed protocol format extraction method is better than the Apriori algorithm and the sequence alignment algorithm in terms of time complexity, and that it can achieve high keyword recognition accuracy. Additionally, based on the relations between the keywords, the method can obtain accurate protocol formats. Compared with the protocol formats obtained from existing methods, our protocol format better grasps the overall structure of target protocols, and the results perform better in applications of protocol reverse engineering such as fuzz testing.
Source: China Communications (中国通信(英文版)), SCIE, CSCD, 2020, Issue 11, pp. 156-180 (25 pages).
Funding: Supported by the National Key R&D Subsidized Project with 2017YFB0802900.
