Reverse Parsing of UAV Measurement and Control Protocols for Bitstream Data
Published: 2018-08-21 09:41
[Abstract]: Protocol reverse parsing has long been an active research topic in network attack and defense. Techniques for detecting and identifying common standard protocols are increasingly mature. Private protocols are also widely used in the communication of civilian and military devices, but because no standard protocol documentation is available for reference, research on reverse parsing them is rare. From the perspective of network security defense, research on private protocols is receiving more and more attention as a way to test their security under network attack and their robustness in complex application environments. The measurement and control (TT&C) process of small civilian UAVs is relatively private, and the main application protocols are private protocols. Therefore, the format of these measurement and control protocols cannot be recovered, nor the semantics of their fields inferred, simply through traditional means such as matching against an existing protocol signature database. To address this, this thesis starts from message sequence analysis, takes bitstream message data as the object of study, and uses statistical analysis and other data mining methods, combined with flight record documents (the UAV flight trajectory and flight state changes recorded by third-party monitoring), to reverse parse the private measurement and control protocols of small civilian UAVs. The reverse parsing is divided into roughly three stages. In the first stage, with reference to some well-specified measurement and control protocol designs, a private UAV measurement and control protocol template is designed with adjustable parameters, complete fields, and extensible protocol entities. A simple model of UAV flight state is then implemented on a simulation platform, which simulates the measurement and control session data (in bitstream form) exchanged between the UAV and the ground base station during a flight mission. In the second stage, the mixed message data of the two types, measurement and control, is first roughly classified; then field structure partitioning, field delimitation and semantic inference are carried out using statistical plotting analysis, KMP pattern string matching, an improved Apriori association rule mining algorithm, and Needleman-Wunsch sequence alignment. In the third stage, prior knowledge such as flight record documents is introduced to analyze protocol format recovery and field semantic inference in more depth. Test experiments on several classes of unknown custom protocol sample data, together with an objective analysis and evaluation of the parsing results, verify the effectiveness of the protocol reverse parsing method.
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: V279;V249;TP393.08
Article No.: 2195312
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2195312.html