Journal article

Unknown Cryptographic Protocol Reverse Engineering Based on Network Flows
Abstract: To address the problem that network data flows cannot be identified as new applications and protocols keep emerging, this paper studies reverse engineering of unknown cryptographic protocols based on network flows. First, it analyzes the behavioural modes of cryptographic protocols and splits a protocol into two stages: the secure connection establishment stage and the data transmission stage. Second, it analyzes the data characteristics of the two stages and proposes starting the reverse analysis from the secure connection establishment stage to gain information about the protocol. Then, since cryptographic protocols contain many variable-length fields, it proposes a field-division scheme combining random sampling, multi-sequence alignment and data mining, which improves the accuracy and efficiency of field division. Finally, it analyzes the characteristics of length fields and proposes a feature extraction method for identifying them, further improving the correctness of protocol format parsing. Reverse engineering of unknown cryptographic protocols based on network flows provides technical support for network supervision.
Authors: 陈曼, 张文政, 吉庆兵 (CHEN Man; ZHANG Wenzheng; JI Qingbing), No.30 Institute of CETC, Chengdu, Sichuan 610041, China
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2022, No. 6, pp. 86-93 (8 pages)
Funding: Sichuan Science and Technology Program project (No.2021ZYD0011).
Keywords: unknown cryptographic protocol; reverse engineering; protocol format parsing; cyber security