Affiliation:
1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
2. State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025, China
Abstract
Network communication protocol reverse engineering is useful for network security, including protocol fuzz testing, botnet command infiltration, and service script generation. Many models have been proposed to generate field boundary, field semantic, state machine, and some other format information from network trace and program execution for text-based protocol and hybrid protocols. However, how to extract format information from network trace data for binary-based protocol still remains a challenging issue. Existing network-trace-based models focus on text-based and hybrid protocols, using tokenization and some other heuristic rules, like field identification, to perform reverse engineering, which makes it hard to apply to binary-based protocol. In this paper, we propose a whole mechanism for binary-based protocol reverse engineering based on auto-encoder models and other clustering algorithms using only network trace data. After evaluation, we set some metrics and compare our model with existing other models, showing its necessity to the field of protocol reverse engineering.
Funder
National Basic Research Program of China
Subject
Computer Networks and Communications,Information Systems
Reference33 articles.
1. Automatic network protocol analysis;G. Wondracek;NDSS,2008
2. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions
3. Finding security vulnerabilities in java applications with static analysis;V. B. Livshits;USENIX security symposium,2005
4. Automatic Inference of Search Patterns for Taint-Style Vulnerabilities