基于数据流分析的网络协议逆向解析技术

发布时间：2018-04-08 13:19

本文选题：数据流分析　切入点：网络协议逆向　出处：《计算机应用》2013年05期

【摘要】：对未知网络协议进行逆向解析在网络安全应用中具有重要的意义。现有的协议逆向解析方法大都存在无法处理加密协议和无法获取协议字段语义信息的问题。针对这一问题,提出并实现了一种基于数据流分析的网络协议解析技术。该技术依托动态二进制插桩平台Pin下编写的数据流记录插件,以基于数据关联性分析的数据流跟踪技术为基础,对软件使用的网络通信协议进行解析,获取协议的格式信息,以及各个协议字段的语义。实验结果证明,该技术能够正确解析出软件通信的协议格式,并提取出各个字段所对应的程序行为语义,尤其对于加密协议有不错的解析效果,达到了解析网络协议的目的。
[Abstract]:Reverse analysis of unknown network protocols is of great significance in network security applications.Most of the existing protocol reverse parsing methods are unable to deal with encryption protocols and can not obtain semantic information of protocol fields.In order to solve this problem, a network protocol parsing technique based on data flow analysis is proposed and implemented.Based on the data flow tracking technology based on data association analysis, this technology analyzes the network communication protocols used by software, and obtains the format information of the protocols by relying on the data stream recording plug-in written under the dynamic binary piling platform Pin.And the semantics of each protocol field.The experimental results show that this technique can correctly parse the protocol format of the software communication and extract the corresponding program behavior semantics of each field, especially for the encryption protocol has a good parsing effect, and achieve the purpose of parsing the network protocol.
【作者单位】：信息工程大学;
【分类号】：TP393.08

【参考文献】