Dynamic combined with static analysis for mining network protocol's hidden behavior

Cited by: 2
Authors
Hu Y. [1,2]
Pei Q. [1]
Affiliations
[1] National Key Laboratory of Integrated Services Networks, Xidian University, Xi'an
[2] Key Laboratory of Network and Information Security, Engineering University of the Armed Police Force, Xi'an
Funding
National Natural Science Foundation of China;
Keywords
Protocol message; Protocol reverse analysis; Protocol software; Protocol's hidden behavior;
DOI
10.4018/ijbdcn.2017070101
CLC classification number
Subject classification number
Abstract
The hidden behavior of unknown protocols is becoming a new challenge in network security. This paper takes both the captured messages and the binary code that implements the protocol as the objects of study. Dynamic Taint Analysis combined with Static Analysis is used to analyze the protocol. First, the process by which the protocol program parses a message is monitored and analyzed on the HiddenDisc virtual-platform prototype system developed by the authors, and the protocol's public behavior is recorded; then, based on the authors' proposed Hidden Behavior Perception and Mining algorithm, the protocol's hidden-behavior trigger conditions and hidden-behavior instruction sequences are analyzed statically. According to the hidden-behavior trigger conditions, new protocol messages carrying the sensitive information are generated, and the hidden behaviors are executed by dynamic triggering. The HiddenDisc prototype system can sense, trigger and analyze the protocol's hidden behaviors. Based on the statistical analysis results, the authors propose an evaluation method for Protocol Execution Security. The experimental results show that the presented method can accurately mine the protocol's hidden behaviors and can evaluate the execution security of an unknown protocol. Copyright © 2017, IGI Global.
Pages: 1 / 14
Page count: 13