How far an evolutionary approach can go for protocol state analysis and discovery

2013 IEEE Congress on Evolutionary Computation Pub Date : 2013-06-20 DOI:10.1109/CEC.2013.6557965

P. LaRoche, A. Burrows, A. N. Zincir-Heywood

{"title":"How far an evolutionary approach can go for protocol state analysis and discovery","authors":"P. LaRoche, A. Burrows, A. N. Zincir-Heywood","doi":"10.1109/CEC.2013.6557965","DOIUrl":null,"url":null,"abstract":"Securing todays computer networks requires numerous technologies to constantly be developed, refined and challenged. One area of research aiding in this process is that of protocol analysis, the study of the methods with which networks communicate. Our specific area of interest, the interaction with different protocol implementations, is a crucial component of this domain. Our work aims to identify and highlight a protocols states and state transitions, while minimizing the required a priori knowledge known about the protocol and its different versions (implementations). To this end, our approach uses a Genetic Programming (GP) based technique in order to analyze a client or a server of a given protocol via interacting with it with minimum a priori information. We evaluate our system against another well-known system from the literature on two different protocols, namely Dynamic Host Configuration Protocol (DHCP) and File Transfer Protocol (FTP). We measure the performances of these two systems in terms of the similarities and differences seen in the state diagrams produced for the protocols under testing. Results show that, by using our approach, it is possible to identify the different versions of a given protocol.","PeriodicalId":211988,"journal":{"name":"2013 IEEE Congress on Evolutionary Computation","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Congress on Evolutionary Computation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CEC.2013.6557965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Securing todays computer networks requires numerous technologies to constantly be developed, refined and challenged. One area of research aiding in this process is that of protocol analysis, the study of the methods with which networks communicate. Our specific area of interest, the interaction with different protocol implementations, is a crucial component of this domain. Our work aims to identify and highlight a protocols states and state transitions, while minimizing the required a priori knowledge known about the protocol and its different versions (implementations). To this end, our approach uses a Genetic Programming (GP) based technique in order to analyze a client or a server of a given protocol via interacting with it with minimum a priori information. We evaluate our system against another well-known system from the literature on two different protocols, namely Dynamic Host Configuration Protocol (DHCP) and File Transfer Protocol (FTP). We measure the performances of these two systems in terms of the similarities and differences seen in the state diagrams produced for the protocols under testing. Results show that, by using our approach, it is possible to identify the different versions of a given protocol.

查看原文本刊更多论文

对于协议状态分析和发现，进化方法能走多远

保护今天的计算机网络需要不断开发、改进和挑战许多技术。协助这一过程的一个研究领域是协议分析，即研究网络通信的方法。我们感兴趣的特定领域，即与不同协议实现的交互，是这个领域的关键组成部分。我们的工作旨在识别和突出协议状态和状态转换，同时最小化所需的关于协议及其不同版本(实现)的先验知识。为此，我们的方法使用基于遗传规划(GP)的技术，以便通过与最小先验信息交互来分析给定协议的客户端或服务器。我们将我们的系统与另一个知名的系统进行对比，该系统基于两种不同的协议，即动态主机配置协议(DHCP)和文件传输协议(FTP)。我们根据为测试中的协议生成的状态图中的相同点和不同点来度量这两个系统的性能。结果表明，通过使用我们的方法，可以识别给定协议的不同版本。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 IEEE Congress on Evolutionary Computation

自引率

0.00%

发文量