Protocol Specification Inference Based on Keywords Identification

详细信息    查看全文

• 作者：Yong Wang (25)
  Nan Zhang (25)
  Yan-mei Wu (25)
  Bin-bin Su (25)
  
• 关键词：keywords Identification ; protocol languages ; finite state machine
• 刊名：Lecture Notes in Computer Science
• 出版年：2013
• 出版时间：2013
• 年：2013
• 卷：8347
• 期：1
• 全文大小：462KB
• 作者单位：Yong Wang (25)
  Nan Zhang (25)
  Yan-mei Wu (25)
  Bin-bin Su (25)
  
  25. School of Computer Science and Engineering, University of Electronic Science and Technology of China, 611731, Chengdu, China
  
• ISSN：1611-3349

文摘

Protocol reverse engineering is becoming important in analyzing unknown protocols. Unfortunately, many techniques often have some limitations for few priori information or the time-consuming problem. To address these issues, we propose a framework based on protocol finite state machine (FSM) construction, which can infer the protocol specifications without any priori information of protocols. To improve our framework’s efficiency, we identify the keywords before the finite state construction. Our framework constructs two FSMs, one is L – FSM (language FSM) and the other is S – FSM (state FSM). L – FSM is to illustrate the protocol languages. S – FSM shows protocol sessions’ state transitions. We evaluate our framework with both binary and text protocol. The ARP and the SMTP are the target protocols as inputs. The precision rate and the recall rate are used for evaluation criterias in our experiments. The ARP’s precision and recall rate are both reached 100%. The SMTP’s precision rate is 100% and recall rate is almost 98%.