Research Progress of Network Protocol Reverse Engineering Technologies Based on Network Trace

Cited by: 0
Authors
Wang Z.-F. [1]
Cheng G. [2]
Ma W.-J. [3]
Zhang J.-W. [4]
Sun Z.-H. [4]
Hu C. [5]
Affiliations
[1] School of Computer Science and Engineering, Southeast University, Nanjing
[2] College of Cyber Science and Engineering, Southeast University, Nanjing
[3] Nanjing Lexbell Information Technology Co. Ltd., Nanjing
[4] National Computer Network Emergency Response Technique Team, Coordination Center of China, Beijing
[5] College of Command Control Engineering, Army Engineering University of PLA, Nanjing
Source
Ruan Jian Xue Bao/Journal of Software | 2022 / Vol. 33 / No. 01
Keywords
Multiple sequence alignment; Protocol reverse engineering; Protocol state machine; Semantic inference; Syntax inference;
DOI
10.13328/j.cnki.jos.006303
Abstract
Protocol reverse engineering is widely used in intrusion detection systems, deep packet inspection, fuzz testing, C&C malware detection, and other fields. First, the formal definition and basic principle of protocol reverse engineering are given. Then, the existing protocol reverse engineering methods based on network traces are analyzed in detail from two aspects: protocol format extraction and protocol state machine inference. In addition, the basic modules, main principles, and characteristics of these algorithms are explained. Finally, the existing algorithms are compared from several aspects, and the development trend of protocol reverse engineering technology is discussed. © Copyright 2022, Institute of Software, the Chinese Academy of Sciences. All rights reserved.
Pages: 254-273
Page count: 19