Advertisement

An MTSA Algorithm for Unknown Protocol Format Reverse

  • Fanghui SunEmail author
  • Shen Wang
  • Hongli Zhang
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 63)

Abstract

In the process of unknown protocol specification reverse, a crucial procedure is clustering messages into different classes, from which we can infer the formats of each class and thus construct the grammar and syntax of that protocol. This paper proposed a Message Token Sequence Alignment algorithm (MTSA) to measure the similarity of message token sequences of unknown Internet protocol by applying a similarity score strategy. According to the result of a verification experiment, we found that this strategy is able to measure the message token sequence reasonably.

Keywords

Protocol reverse Sequence alignment Evaluation strategy 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Protocol Information project, http://4tphi.net/~awalters/PI/PI.html
  2. 2.
    Beddoe, M.A.: Network protocol analysis using bioinformatics algorithms. http://www.baselineresearch.net/PI/
  3. 3.
    3. Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48:444-453 (1970)Google Scholar
  4. 4.
    Leita, C., Mermoud, K., Dacier, M.:ScriptGen: An Automated Script Generation Tool for Honeyd. In: Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005),Google Scholar
  5. 5.
    Cui, W., Paxson, V., Weaver, N.C., Katz, R.H.: Protocol-Independent Adaptive Re-play of Application Dialog. In: Proceedings of the 13th Symposium on Network and Distributed System Security (NDSS 2006)Google Scholar
  6. 6.
    Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proceedings of the 16th USENIX Security Symposium (2007)Google Scholar
  7. 7.
    Wang, Y., Yun, X., Shafiq, M. Z., Wang, Y., Liu, A., Zhang, Z., et al.: A semantics aware approach to automated reverse engineering unknown protocols. In: Proc. IEEE ICNP, pp. 110 (2012)Google Scholar
  8. 8.
    Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions, and reversals. Soviet Physics Doklady 10 (8): 707710 (1966)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Computer Science and TechnologyHarbin Institute of TechnologyHarbinChina

Personalised recommendations