
A Semiautomatic Protocol Reverse Method Based on Message Sequence Analysis (cited by: 5)
Abstract: Protocol reverse methods based on message sequence analysis are fully automatic and do not bring human knowledge into the analysis. This paper presents a semiautomatic protocol reverse method that makes use of human knowledge. Prior knowledge is added to the message analysis through manual input, where it guides the semantic inference of the messages, and the analysis results can also be corrected manually. Experimental results show that this method not only improves the efficiency of message analysis but also clearly increases its accuracy.
Source: Computer Engineering (《计算机工程》), CAS, CSCD, 2012, No. 19, pp. 277-280 (4 pages)
Funding: Natural Science Foundation of Jiangsu Province (BK2011115)
Keywords: protocol reverse engineering; human knowledge; priori knowledge; artificial correction; semantic inference; semantic verification
About the authors: Du Youxiang (杜有翔, b. 1986), male, master's student, main research interest: reverse engineering, E-mail: duyouxiang0513091@163.com; Wu Lifa (吴礼发), professor, Ph.D., doctoral supervisor; Pan Fan (潘璠), Ph.D. candidate; Hong Zheng (洪征), associate professor, Ph.D.
