Abstract
Protocol reverse engineering is of great significance for discovering protocol vulnerabilities, improving protocol security and reusing protocol. The existing protocol reverse analysis methods usually need a great deal of computation and often takes a long time, which seriously affects the effect of real-time analysis. This paper proposes an incremental protocol format extraction algorithm, which divides the network traffic into different substreams, and introduces error decision mechanism to avoid local errors caused by partition, so as to ensure the correctness. By dynamic evaluation of the complexity of the protocol analysis, the incremental protocol analysis method can effectively improve the efficiency of the protocol reverse engineering.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Pan, F., Hong, Z., Du, Y.X., et al.: Recursive clustering based method for message structure extraction. J. Sichuan Univ. 44(6), 137–142 (2012)
Leita, C., Dacier, M., Massicotte, F.: Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 185–205. Springer, Heidelberg (2006). https://doi.org/10.1007/11856214_10
Comparetti, P.M., Wondracek, G., Kruegel, C., et al.: Prospex: protocol specification extraction. In: Proceedings of the 30th IEEE Symposium on Security and Privacy. IEEE Press, Oakland (2009)
Wei-Ming, L.I.: An automatic network protocol fuzz testing and vulnerability discovering method. Chin. J. Comput. 34(2), 242–255 (2011)
Marshall Beddoe. Protocol Information Project. [EB/OL], 5 October 2004. http://www.4tphi.net/~awalters/PI/PI.html. Accessed 20 Mar 2011
Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: 16th USENIX Security Symposium, pp. 199–212 (2007)
Vogt, H.H., Swierstra, S.D., Kuiper, M.F.: Higher order attribute grammars. In: Conference on Program Language Design and Implementation, pp. 131–145 (1989)
Caballero, J., Yin, H., Liang, Z., et al.: Polyglot: automatic extraction of protocol format using dynamic binary analysis. In: 14th ACM Conference on Computer and Communications Security (CCS), pp. 317–329 (2007)
Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proceedings of the 13th Network and Distributed System Security Symposium (2006)
Whalen, S., Bishop, M., Crutchfield, J.P.: Hidden Markov models for automated protocol learning. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 415–428. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16161-2_24
Krueger, T., Krämer, N., Rieck, K.: ASAP: automatic semantics-aware analysis of network payloads. In: Dimitrakakis, C., Gkoulalas-Divanis, A., Mitrokotsa, A., Verykios, V.S., Saygin, Y. (eds.) PSDML 2010. LNCS (LNAI), vol. 6549, pp. 50–63. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19896-0_5
Yipeng, W., Xiaochun, X., Zubair M., et al.: A semantics aware approach to automated reverse engineering unknown protocols. In: ICNP (2012)
Jain, K., Murty, M., Flynn, P.: Data clustering: a review. ACM Computing Surveys (CSUR) 31(3), 264–323 (1999)
Acknowledgment
This work was supported by the National Key R&D Program of China Grant No. 2017YFC1201204, the National Natural Science Foundation of China under Grant No. 61402521, and Youth Foundation OF under Grant No. 2016QN-004.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Xiaoming, Z., Qian, Q., Weisheng, W., Zhanfeng, W., Xianglin, W. (2018). IPFRA: An Online Protocol Reverse Analysis Mechanism. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11066. Springer, Cham. https://doi.org/10.1007/978-3-030-00015-8_28
Download citation
DOI: https://doi.org/10.1007/978-3-030-00015-8_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-00014-1
Online ISBN: 978-3-030-00015-8
eBook Packages: Computer ScienceComputer Science (R0)