Fanzhi Meng, Yuan Liu, Chunrui Zhang, Tong Li, Yang Yue
2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA), published 2014-12-08. DOI: https://doi.org/10.1109/WARTIA.2014.6976411
Inferring protocol state machine for binary communication protocol
Communication protocol reverse engineering plays an important role in the field of network security. Inferring the protocol state machine of an unknown protocol is one part of protocol specification mining. This paper proposes a novel approach to mining the state machine of an unknown binary protocol. It automatically generates state models for a binary protocol by listening to network traces. We present a new methodology to align the corresponding fields and extract the state-relevant fields from binary protocol communication traces, and then construct the protocol state model from those state-relevant fields. Experimental results on ARP and TCP show that our approach is effective.