摘要
针对传统协议指纹提取技术耗时耗力,且无法提取与识别加密协议指纹问题,提出了一种基于协议偏离的程序协议指纹自动提取方法。协议偏离描述了协议各版本实现程序的网络行为差异,以动态二进制分析技术为支撑,分别从协议偏离会话流层面与偏离消息层面对协议特征进行提取。实验结果不仅验证了所提方法的可行性,还为提取与识别加密协议应用程序指纹提供了一条新思路。
Since traditional protocol fingerprinting methods are usually time-consuming and cannot properly extract or recognize cryptographic protocols, we propose a novel protocol fingerprinting method based on protocol deviation. Protocol deviation describes the network behavior differentiations between different protocol implementations. Based on the dynamic binary analysis technology, the proposed method extracts protocol characteristics from the session stream level and the message level of protocol deviation. Experimental results show that the proposed method is not only feasible, but also provides a new idea for the fingerprinting of cryptographie protocol applications.
出处
《计算机工程与科学》
CSCD
北大核心
2015年第4期682-691,共10页
Computer Engineering & Science
基金
教育部高等学校博士学科点专项科研基金资助项目(20124307110014)
关键词
协议偏离
协议逆向工程
协议指纹
协议特征
protocol deviation
protocol reverse engineering
protocol fingerprint
protocol signature