A Format Reverse Method for Binary Protocol from Communication Data

Protocol format reverse based on communication data has played an important role in the fields of network security and information countermeasures. In this paper, a format reverse analysis method for binary communication protocol which based on probability alignment and differential analysis of statistic is proposed. The method adopts the data set of protocol frame as analysis object, and makes the corresponding fields in protocol frame aligned accurately by probability alignment algorithm firstly, and then identifies the boundary of adjacent fields in the frame according to the different features of various statistics, and finally reverses the communication protocol format specification. The experimental results show that the method can effectively identify the format specification of binary communication protocol and semantics specification for some fields in protocol frame format.