摘要
深藏在网络协议中的隐形攻击行为日益成为网络安全面临的新挑战。针对现有协议逆向分析方法在协议行为分析特别是隐形攻击行为挖掘方面的不足,提出了一种新颖的指令聚类感知挖掘方法。通过抽取协议的行为指令序列,利用指令聚类算法对所有的行为指令序列进行聚类分析,根据行为距离的计算结果,从大量未知协议程序中快速准确地挖掘出隐形攻击行为指令序列。将动态污点分析和指令聚类分析相结合,在自主研发的虚拟分析平台Hidden Disc上分析了1 297个协议样本,成功挖掘出193个隐形攻击行为,自动分析和手动分析的结果完全一致。实验结果表明,该方案在效率和准确性方面对协议隐形攻击行为的感知挖掘都是理想的。
Deep stealth attack behavior in the network protocol becomes a new challenge to network security. In view of the shortcomings of the existing protocol reverse methods in the analysis of protocol behavior, especially the stealth at-tack behavior mining, a novel instruction clustering perception mining algorithm was proposed. By extracting the proto-col's behavior instruction sequences, and clustering analysis of all the behavior instruction sequences using the instruction clustering algorithm, the stealth attack behavior instruction sequences can be mined quickly and accurately from a large number of unknown protocol programs according to the calculation results of the behavior distance. Combining dynamic taint analysis with instruction clustering analysis,1 297 protocol samples were analyzed in the virtual analysis platform hidden disc which was developed independently, and 193 stealth attack behaviors were successfully mined, the results of automatic analysis and manual analysis were completely consistent. Experimental results show that,the solution is ideal for perception mining the protocol's stealth attack behavior in terms of efficiency and accuracy.
作者
胡燕京
裴庆祺
HU Yan-jing PEI Qing-qi(Network and Information Security Key Laboratory, Engineering University of CAPF, Xi'an 710086, China State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China)
出处
《通信学报》
EI
CSCD
北大核心
2017年第6期39-48,共10页
Journal on Communications
基金
国家自然科学基金资助项目(No.61373170
No.61402530
No.61309022
No.61309008)~~
关键词
协议逆向分析
隐形攻击行为
指令聚类
protocol reverse analysis,stealth attack behavior,instruction clustering
