{"title":"量化协议格式的可逆性","authors":"Zhengguo Xu, Ling You, Hui Zheng","doi":"10.1109/MASS.2018.00079","DOIUrl":null,"url":null,"abstract":"Protocol format reverse engineering aims to extract the protocol fields automatically without access to the protocol specification. Existing works focus on the methodology of deriving the protocol format efficiently, but neglect the relationship between the statistical characteristics of protocol data and the intrinsic properties of the protocol format. In this paper, we study two problems to see how the protocol specification affects the statistical properties, and how the latter affect the difficulty of format reverse analysis. Through empirical analysis of known protocols, we first verify the stationarity of protocol features, which is the stand for developing trace-based reverse methods. We study the position arrangement and value distribution of protocol fields, and investigate their influence on the statistical properties of the protocol format. Then we propose an HMP-based model of protocol data. Using this model, we define two quantitative indicators by protocol fields' structure and content to reflect the reversibility of protocol format: the field non-interlacing ratio and the field information variation. We apply the analysis of format reversibility to a number of typical realistic protocols. The results suggest that the fields of most protocols can be partially revealed, but there are also certain fields difficult for reverse analysis. The quantitative results can provide hints for improving protocol reverse engineering approaches.","PeriodicalId":146214,"journal":{"name":"2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Quantifying the Reversibility of Protocol Format\",\"authors\":\"Zhengguo Xu, Ling You, Hui Zheng\",\"doi\":\"10.1109/MASS.2018.00079\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Protocol format reverse engineering aims to extract the protocol fields automatically without access to the protocol specification. Existing works focus on the methodology of deriving the protocol format efficiently, but neglect the relationship between the statistical characteristics of protocol data and the intrinsic properties of the protocol format. In this paper, we study two problems to see how the protocol specification affects the statistical properties, and how the latter affect the difficulty of format reverse analysis. Through empirical analysis of known protocols, we first verify the stationarity of protocol features, which is the stand for developing trace-based reverse methods. We study the position arrangement and value distribution of protocol fields, and investigate their influence on the statistical properties of the protocol format. Then we propose an HMP-based model of protocol data. Using this model, we define two quantitative indicators by protocol fields' structure and content to reflect the reversibility of protocol format: the field non-interlacing ratio and the field information variation. We apply the analysis of format reversibility to a number of typical realistic protocols. The results suggest that the fields of most protocols can be partially revealed, but there are also certain fields difficult for reverse analysis. The quantitative results can provide hints for improving protocol reverse engineering approaches.\",\"PeriodicalId\":146214,\"journal\":{\"name\":\"2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MASS.2018.00079\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MASS.2018.00079","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Protocol format reverse engineering aims to extract the protocol fields automatically without access to the protocol specification. Existing works focus on the methodology of deriving the protocol format efficiently, but neglect the relationship between the statistical characteristics of protocol data and the intrinsic properties of the protocol format. In this paper, we study two problems to see how the protocol specification affects the statistical properties, and how the latter affect the difficulty of format reverse analysis. Through empirical analysis of known protocols, we first verify the stationarity of protocol features, which is the stand for developing trace-based reverse methods. We study the position arrangement and value distribution of protocol fields, and investigate their influence on the statistical properties of the protocol format. Then we propose an HMP-based model of protocol data. Using this model, we define two quantitative indicators by protocol fields' structure and content to reflect the reversibility of protocol format: the field non-interlacing ratio and the field information variation. We apply the analysis of format reversibility to a number of typical realistic protocols. The results suggest that the fields of most protocols can be partially revealed, but there are also certain fields difficult for reverse analysis. The quantitative results can provide hints for improving protocol reverse engineering approaches.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
