Research Progress of Network Protocol Reverse Engineering Technologies Based on Network Trace (cited by: 6)
Abstract: Protocol reverse engineering is widely used in intrusion detection systems, deep packet inspection, fuzz testing, botnet (C&C malware) detection, and other fields. First, the formal definition and basic principles of protocol reverse engineering are given. Then, existing protocol reverse engineering methods and tools based on network traces are analyzed in detail from two aspects, protocol format extraction and protocol state machine inference, and their basic modules, main principles, and characteristics are explained. Finally, the existing algorithms are compared from several angles, and the development trend of protocol reverse engineering based on network traffic is discussed.
Authors: 王占丰 (WANG Zhan-Feng); 程光 (CHENG Guang); 马玮骏 (MA Wei-Jun); 张嘉玮 (ZHANG Jia-Wei); 孙中豪 (SUN Zhong-Hao); 胡超 (HU Chao). Affiliations: School of Computer Science and Engineering, Southeast University, Nanjing 211189, China; College of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; Nanjing Lexbell Information Technology Co. Ltd., Nanjing 210007, China; National Computer Network Emergency Response Technique Team/Coordination Center of China, Beijing 100020, China; College of Command Control Engineering, Army Engineering University of PLA, Nanjing 210007, China.
Source: 《软件学报》 (Journal of Software), indexed in EI, CSCD, and the Peking University Core Journals list; 2022, Issue 1, pp. 254-273 (20 pages).
Funding: National Key Research and Development Program of China (2018YFB1800200, 2017YFB081703); CERNET Next-Generation Internet Technology Innovation Fund (NGII20170406); Southeast University Postdoctoral Innovative Talent Training Fund (2242019R20024); Zhejiang Provincial Public Welfare Technology Application Research Program (LGG20F020014).
Keywords: protocol reverse engineering; multiple sequence alignment; syntax inference; semantic inference; protocol state machine