Protocol Reverse Engineering Based on Grammatical Inference
Published: 2018-08-16 08:50
[Abstract]: To understand in depth the various application processes in a network, and then automatically classify, identify, track and control these applications, one must first obtain the state machines that represent their session processes. To this end, a new method is proposed for inferring the protocol state machine from captured application-layer data. It uses an error-correcting grammatical inference method and reverse engineers the protocol state machine from the sequences of identifier states that appear during application-layer protocol interactions. To fully exploit the performance of error correction, a best-path matching criterion is proposed for determining the correction path, together with a method based on probability statistics for distinguishing anomalous in-degrees and pruning them. The state explosion problem is addressed by merging duplicate states and by simplifying protocol structures with similar behavioral meaning, which yields the most compact protocol state machine. Experiments in a real network carrying multiple application-layer protocols verify the effectiveness of the method.
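[Author affiliations]: School of Information Science and Technology, Sun Yat-sen University; School of Information Science and Technology, Zhongkai University of Agriculture and Engineering
[Funding]: National "863" High-Tech Research and Development Program of China (2007AA01Z449); Key Project of the National Natural Science Foundation of China-Guangdong Joint Fund (U0735002); National Natural Science Foundation of China (60970146, 61202271)
[Classification number]: TP393.08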
Article ID: 2185493
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2185493.html