Computer Science, 2020, Vol. 47, Issue (6A): 556-560. doi: 10.11896/JsJkx.190900035

• Interdiscipline & Application •

Format Mining Method of Variable-length Domain in Private Binary Protocol

XU Xu-dong, ZHANG Zhi-xiang and ZHANG Xian   

  1. College of Electronic Engineering, Naval University of Engineering, Wuhan 430033, China
  • Published: 2020-07-07
  • About author: XU Xu-dong, born in 1995, candidate. His main research interests include software quality assurance, protocol reverse engineering, etc.
    ZHANG Zhi-xiang, born in 1967, Ph.D, associate professor. His main research interests include software quality assurance, artificial intelligence, etc.

Abstract: Protocol reverse engineering is one of the important steps in fuzz testing. In private binary protocols, there is no good systematic method for mining the format of variable-length domains, and the mining of keyword domain boundaries within variable-length domains is not ideal. To address this, a method is proposed that handles the length domain and the keyword domain of a variable-length domain separately. For the length domain, the results of progressive multiple sequence alignment are used, and the global length domain and the local length domain are each mined with an iterative window mining method; tests on a data set constructed from the SNMP protocol show a good boundary mining effect. For the keyword domain, existing methods cannot mine its front boundary; by improving the voting expert algorithm and adding a reverse search tree, the front and back boundaries of the keyword domain can be mined at the same time. Tests on data sets constructed from the ICMP and HTTP protocols show a great improvement over the traditional voting expert algorithm.

Key words: Binary protocol, Iterative window, Progressive multiple sequence comparison, Protocol format mining, Voting expert algorithm

CLC Number: TP393