Skip to main content
SpringerLink
Log in

IPFRA: An Online Protocol Reverse Analysis Mechanism

  • Conference paper
  • First Online:
Cloud Computing and Security (ICCCS 2018)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 11066))

Included in the following conference series:

Abstract

Protocol reverse engineering is of great significance for discovering protocol vulnerabilities, improving protocol security and reusing protocol. The existing protocol reverse analysis methods usually need a great deal of computation and often takes a long time, which seriously affects the effect of real-time analysis. This paper proposes an incremental protocol format extraction algorithm, which divides the network traffic into different substreams, and introduces error decision mechanism to avoid local errors caused by partition, so as to ensure the correctness. By dynamic evaluation of the complexity of the protocol analysis, the incremental protocol analysis method can effectively improve the efficiency of the protocol reverse engineering.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Pan, F., Hong, Z., Du, Y.X., et al.: Recursive clustering based method for message structure extraction. J. Sichuan Univ. 44(6), 137–142 (2012)

    Google Scholar 

  2. Leita, C., Dacier, M., Massicotte, F.: Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 185–205. Springer, Heidelberg (2006). https://doi.org/10.1007/11856214_10

    Chapter  Google Scholar 

  3. Comparetti, P.M., Wondracek, G., Kruegel, C., et al.: Prospex: protocol specification extraction. In: Proceedings of the 30th IEEE Symposium on Security and Privacy. IEEE Press, Oakland (2009)

    Google Scholar 

  4. Wei-Ming, L.I.: An automatic network protocol fuzz testing and vulnerability discovering method. Chin. J. Comput. 34(2), 242–255 (2011)

    Article  MathSciNet  Google Scholar 

  5. Marshall Beddoe. Protocol Information Project. [EB/OL], 5 October 2004. http://www.4tphi.net/~awalters/PI/PI.html. Accessed 20 Mar 2011

  6. Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: 16th USENIX Security Symposium, pp. 199–212 (2007)

    Google Scholar 

  7. Vogt, H.H., Swierstra, S.D., Kuiper, M.F.: Higher order attribute grammars. In: Conference on Program Language Design and Implementation, pp. 131–145 (1989)

    Google Scholar 

  8. Caballero, J., Yin, H., Liang, Z., et al.: Polyglot: automatic extraction of protocol format using dynamic binary analysis. In: 14th ACM Conference on Computer and Communications Security (CCS), pp. 317–329 (2007)

    Google Scholar 

  9. Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proceedings of the 13th Network and Distributed System Security Symposium (2006)

    Google Scholar 

  10. Whalen, S., Bishop, M., Crutchfield, J.P.: Hidden Markov models for automated protocol learning. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICST, vol. 50, pp. 415–428. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-16161-2_24

    Chapter  Google Scholar 

  11. Krueger, T., Krämer, N., Rieck, K.: ASAP: automatic semantics-aware analysis of network payloads. In: Dimitrakakis, C., Gkoulalas-Divanis, A., Mitrokotsa, A., Verykios, V.S., Saygin, Y. (eds.) PSDML 2010. LNCS (LNAI), vol. 6549, pp. 50–63. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19896-0_5

    Chapter  Google Scholar 

  12. Yipeng, W., Xiaochun, X., Zubair M., et al.: A semantics aware approach to automated reverse engineering unknown protocols. In: ICNP (2012)

    Google Scholar 

  13. Jain, K., Murty, M., Flynn, P.: Data clustering: a review. ACM Computing Surveys (CSUR) 31(3), 264–323 (1999)

    Article  Google Scholar 

Download references

Acknowledgment

This work was supported by the National Key R&D Program of China Grant No. 2017YFC1201204, the National Natural Science Foundation of China under Grant No. 61402521, and Youth Foundation OF under Grant No. 2016QN-004.

Author information

Authors and Affiliations

  1. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing, 100000, China

    Zhang Xiaoming, Qiang Qian & Wang Weisheng

  2. School of Computer Science and Engineering, Southeast University, Nanjing, 211189, China

    Wang Zhanfeng

  3. Nanjing Telecommunication Technology Research Institute, Nanjing, 210007, China

    Wei Xianglin

Authors
  1. Zhang Xiaoming
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qiang Qian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wang Weisheng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Wang Zhanfeng
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wei Xianglin
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qiang Qian .

Editor information

Editors and Affiliations

  1. Nanjing University of Information Science and Technology, Nanjing, China

    Xingming Sun

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Zhaoqing Pan

  3. Department of Computer Science, Purdue University, West Lafayette, IN, USA

    Elisa Bertino

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Xiaoming, Z., Qian, Q., Weisheng, W., Zhanfeng, W., Xianglin, W. (2018). IPFRA: An Online Protocol Reverse Analysis Mechanism. In: Sun, X., Pan, Z., Bertino, E. (eds) Cloud Computing and Security. ICCCS 2018. Lecture Notes in Computer Science(), vol 11066. Springer, Cham. https://doi.org/10.1007/978-3-030-00015-8_28

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-00015-8_28

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00014-1

  • Online ISBN: 978-3-030-00015-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation