Skip to main content
SpringerLink
Log in

Automatic Classification of Transformed Protocols Using Deep Learning

  • Conference paper
  • First Online:
Parallel and Distributed Computing, Applications and Technologies (PDCAT 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 931))

Abstract

Protocol reverse-engineering technique can be used to extract the specification of an unknown protocol. However, there is no standardized method and in most cases, the extracting process is done manually or semi-automatically. Since only frequently seen values are extracted as fields from the messages of a protocol, it is difficult to understand complete specification of the protocol. Therefore, if the information about the structure of the unknown protocol could be acquired in advance, it would be easy to conduct reverse engineering. This paper suggests a method of recognizing 8 commercial protocols and transformed protocols of their own using deep learning techniques. When the proposed method is conducted prior to APRE (Automatic Protocol Reverse Engineering) process, it is possible to obtain useful information beforehand when similarities exist between unknown protocols and learned protocols.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Weidong, C., Jayanthkumar, K., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: USENIX Security Symposium, pp. 199–212 (2007)

    Google Scholar 

  2. Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis CCS 2007. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 317–329. ACM, New York (2007)

    Google Scholar 

  3. Wondracek, G., Comparetti, P.M., Kruegel, C., Kirda, E.: Automatic network protocol analysis. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (2008)

    Google Scholar 

  4. Cui, W., Peinado, M., Chen, K., Wang, H.J., Irun-Briz, L.: Tupni: automatic reverse engineering of input formats. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 391–402 (2008)

    Google Scholar 

  5. Comparetti, P.M., Wondracek, G., Kruegel, C.: Prospex: protocol specification extraction. In: 30th IEEE Symposium on Security and Privacy, pp. 110–125 (2009)

    Google Scholar 

  6. Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: enabling active Botnet infiltration using automatic protocol reverse-engineering. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, Proceeding CCS 2009, pp. 621–634 (2009)

    Google Scholar 

  7. Caballero, J., Song, D.: Automatic protocol reverse-engineering: message format extraction and field semantics inference. Int. J. Comput. Telecommun. Netw. 57(2), 451–474 (2012)

    Article  Google Scholar 

  8. Lin, R., Li, O., Li, Q., Liu, Y.: Unknown network protocol classification method based on semi-supervised learning. In: Computer and Communications (ICCC), pp. 300–308 (2015)

    Google Scholar 

  9. McGregor, A., Hall, M., Lorier, P., Brunskill, J.: Flow clustering using machine learning techniques. In: Proceedings of the Passive and Active Measurement Workshop (PAM 2004), Antibes Juan-les-Pins, France, April 2004

    Google Scholar 

  10. Zander, S., Nguyen, T., Armitage, G.: Automated traffic classification and application identification using machine learning. In: IEEE 30th Conference on Local Computer Networks (LCN 2005), Sydney, Australia, November 2005

    Google Scholar 

  11. Moore, A., Zuev, D.: Internet traffic classification using Bayesian analysis techniques. In: ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS) 2005, Banff, Alberta, Canada, June 2005

    Google Scholar 

  12. Auld, T., Moore, A.W., Gull, S.F.: Bayesian neural networks for Internet traffic classification. IEEE Trans. Neural Netw. 18(1), 223–239 (2007)

    Article  Google Scholar 

  13. Williams, N., Zander, S., Armitage, G.: A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification. Special Interest Group on Data Communication (SIGCOMM) Comput. Commun. Rev., 36(5), 5–16 (2006)

    Article  Google Scholar 

  14. Erman, J., Mahanti, A., Arlitt, M.: Internet traffic identification using machine learning techniques. In: Proceedings of 49th IEEE Global Telecommunications Conference (GLOBECOM 2006), San Francisco, USA, December 2006

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Agency for Defense Development, Yuseong, Daejeon, Republic of Korea

    Changmin Jeong, Mirim Ahn & Haengho Lee

  2. YM-Naeultech, Inharo, Namgu, Incheon, Republic of Korea

    Younggiu Jung

Authors
  1. Changmin Jeong
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mirim Ahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Haengho Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Younggiu Jung
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Changmin Jeong .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Seoul National University of Science and Technology, Seoul, Korea (Republic of)

    Jong Hyuk Park

  2. School of Computer Science, University of Adelaide, Adelaide, SA, Australia

    Hong Shen

  3. Department of Multimedia Engineering, Dongguk University, Seoul, Korea (Republic of)

    Yunsick Sung

  4. School of ICT, Griffith University, Gold Coast, Australia

    Hui Tian

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jeong, C., Ahn, M., Lee, H., Jung, Y. (2019). Automatic Classification of Transformed Protocols Using Deep Learning. In: Park, J., Shen, H., Sung, Y., Tian, H. (eds) Parallel and Distributed Computing, Applications and Technologies. PDCAT 2018. Communications in Computer and Information Science, vol 931. Springer, Singapore. https://doi.org/10.1007/978-981-13-5907-1_16

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-5907-1_16

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-5906-4

  • Online ISBN: 978-981-13-5907-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation