基于协议偏离的程序协议指纹提取与识别

Extraction and recognition of protocol fingerprint based on protocol deviation

下载PDF

导出

摘要针对传统协议指纹提取技术耗时耗力,且无法提取与识别加密协议指纹问题,提出了一种基于协议偏离的程序协议指纹自动提取方法。协议偏离描述了协议各版本实现程序的网络行为差异,以动态二进制分析技术为支撑,分别从协议偏离会话流层面与偏离消息层面对协议特征进行提取。实验结果不仅验证了所提方法的可行性,还为提取与识别加密协议应用程序指纹提供了一条新思路。 Since traditional protocol fingerprinting methods are usually time-consuming and cannot properly extract or recognize cryptographic protocols, we propose a novel protocol fingerprinting method based on protocol deviation. Protocol deviation describes the network behavior differentiations between different protocol implementations. Based on the dynamic binary analysis technology, the proposed method extracts protocol characteristics from the session stream level and the message level of protocol deviation. Experimental results show that the proposed method is not only feasible, but also provides a new idea for the fingerprinting of cryptographie protocol applications.

作者李美剑王勇军解培岱黄志坚

机构地区国防科学技术大学计算机学院

出处《计算机工程与科学》 CSCD 北大核心 2015年第4期682-691,共10页 Computer Engineering & Science

基金教育部高等学校博士学科点专项科研基金资助项目(20124307110014)

关键词协议偏离协议逆向工程协议指纹协议特征 protocol deviation protocol reverse engineering protocol fingerprint protocol signature

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献13

1Lyon G F. Nmap network scanning: The official Nmap project guide to network discovery and security scanning[M].[S.l.]Nmap Project, 2009.
2NMap. Network mapper [EB/OL]. [20130819].http:∥ nmap.org/.
3Tenable Network Security. Nessus[EB/OL].[20131021].http:∥www.nessus.org/.
4Xprobe. XProbe[EB/OL]. [20100708]. http:∥ xprobe.sourceforge.net/oldindex.html.
5Arkin O, Yarochkin F. Xprobe v2.0: A “Fuzzy” approach to remote active operating system fingerprinting[EB/OL].[ 20020802].http:∥www.xprobe2.org.
6Arends R, Schlyter J. fpdns  DNS fingerprinting tool[EB/OL].[20120309].http:∥www.filewatcher.com/d/FreeBSD/9stable/powerpc/fpdns0.9.3.tbz.14574.html.
7Li Meijian, Wang Yongjun, Xie Peidai, et al. Reverse engineering of security protocol format based on dynamic binary analysis[C]∥Proc of International Conference on Computer Convergence Technology (ICCCT), 2011:10.
8Li Meijian, Wang Yongjun, Jin Shangjie, et al. ReverPS: Reverse extraction of protocol specification from network applications[C]∥Proc of the 7th International Conference on Frontier of Computer Science and Technology (FCST12), 2012:15.
9Li Meijian, Wang Yongjun, Xie Peidai. A binary analysis method for protocol deviation discover from implementations[C]∥Proc of the 27th International Conference on Information Networking (ICOIN), 2013:1.
10Shu Guoqiang,Lee D.Network protocol system fingerprintingA formal approach[C]∥Proc of the 25th IEEE International Conference on Computer Communications (INFOCOM), 2006:1.

1张钊,唐文,温巧燕.一种基于长度语义约束的报文格式挖掘方法[J].北京邮电大学学报,2012,35(6):55-59. 被引量：4
2张乐,周浚哲,唐健.一种基于细节点生成角度的指纹匹配算法[J].沈阳工业学院学报,2004,23(4):61-63. 被引量：2
3王炜,程东年,马海龙.基于趋势感知协议指纹的Skype加密流量识别算法[J].计算机应用研究,2015,32(1):183-186. 被引量：4
4龙坤,陈庶樵,董永吉.P2P流量识别方法比较研究[J].信息工程大学学报,2009,10(2):275-279. 被引量：1
5颜蕾,吴斌,宋宇波.基于状态机比对的状态机推断方案[J].江苏通信,2015,31(5):63-65.
6潘璠,吴礼发,杜有翔,洪征.协议逆向工程研究进展[J].计算机应用研究,2011,28(8):2801-2806. 被引量：21
7钟红山.应用程序“指纹”技术检查计算机程序感染病毒[J].数字技术与应用,2014,32(3):183-184.
8陈昀,苏翔宇,张建平.使用Snort检测网络中的P2P传输[J].网络安全技术与应用,2007(8):25-26. 被引量：1
9陈昀,苏翔宇,张建平.使用Snort检测网络中的P2P传输[J].现代计算机,2007,13(1):44-46.
10宋静波,陈家冰.刑事侦查中的指纹提取制约因素[J].黑龙江科技信息,2016(35):152-152. 被引量：1

计算机工程与科学

2015年第4期

浏览历史

内容加载中请稍等...

基于协议偏离的程序协议指纹提取与识别

参考文献13

相关作者

相关机构

相关主题

浏览历史