Abstract
Protocol reverse engineering is an important way to analyze private protocols: it infers the constraints and specifications of a private protocol with little or no prior knowledge, and so has practical value in malware supervision, protocol fuzz testing, vulnerability detection, interaction behavior understanding, and related tasks. Network traffic characterizes protocol specifications and carries the inherent characteristics of a protocol, so private protocol reverse engineering based on network traffic is more suitable for discovering, analyzing, and monitoring private protocols on the network. This paper provides a thorough review of existing private protocol reverse engineering techniques based on network traffic. First, an architecture for network-traffic-based private protocol reverse engineering is proposed, comprising four steps: pre-inference, protocol format inference, semantic analysis, and protocol state machine inference. The main research tasks of each step are elaborated, and a classification structure oriented to the core of each research method is proposed. Second, the method and process of each private protocol reverse engineering technique are described in detail and compared from multiple perspectives, including applicable protocol type, technology kernel, and inference algorithm, giving a systematic overview of existing network-traffic-based private protocol reverse engineering techniques. Finally, the shortcomings of existing research and their main influencing factors are summarized, and future research directions and application scenarios of private protocol reverse engineering are discussed.
Authors
李峻辰
程光
杨刚芹
Li Junchen; Cheng Guang; Yang Gangqin (School of Cyber Science and Engineering, Southeast University, Nanjing 211189; Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education, Nanjing 211189; International Governance Research Base of Cyberspace (Southeast University), Nanjing 211189; Purple Mountain Laboratories, Nanjing 211102)
Source
《计算机研究与发展》
EI
CSCD
Peking University Core Journal (北大核心)
2023, No. 1, pp. 167-190 (24 pages)
Journal of Computer Research and Development
Funding
National Natural Science Foundation of China, General Program (62172093)
National Key Research and Development Program of China (2020YFB1804604)
2019 Industrial Internet Innovation and Development Project (6709010003)
Keywords
network traffic
private protocol reverse engineering
format inference
semantic analysis
protocol state machine