Abstract
Protocol reverse-engineering techniques can be used to extract the specification of an unknown protocol. However, there is no standardized method, and in most cases the extraction is done manually or semi-automatically. Because only frequently seen values are extracted as fields from a protocol's messages, it is difficult to recover the complete specification of the protocol. Therefore, if information about the structure of the unknown protocol could be acquired in advance, reverse engineering would be easier. This paper proposes a method for recognizing 8 commercial protocols and transformed versions of them using deep learning techniques. When the proposed method is applied before the APRE (Automatic Protocol Reverse Engineering) process, useful information can be obtained beforehand whenever similarities exist between the unknown protocols and the learned protocols.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Jeong, C., Ahn, M., Lee, H., Jung, Y. (2019). Automatic Classification of Transformed Protocols Using Deep Learning. In: Park, J., Shen, H., Sung, Y., Tian, H. (eds) Parallel and Distributed Computing, Applications and Technologies. PDCAT 2018. Communications in Computer and Information Science, vol 931. Springer, Singapore. https://doi.org/10.1007/978-981-13-5907-1_16
DOI: https://doi.org/10.1007/978-981-13-5907-1_16
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5906-4
Online ISBN: 978-981-13-5907-1
eBook Packages: Computer Science (R0)