Research On Key Techniques Of Wireless Communication Protocol Reverse Analysis

The advancement of wireless communication technology,which is widely used in civil and military communication fields,has promoted the information circulation among people.Meanwhile,it also results in challenges.In civil applications,the population of wireless communication greatly improves the life of public,yet its openness by nature also causes a large number of security vulnerabilities.For instance,hackers may take advantage of the wireless channel to transfer attacking data.Because most of the attacks using unknown protocol data packages,it is difficult to discover the existence of the attack.In the military applications,the arms race related to wireless communication is becoming increasingly fierce.With the improvement of precision signal analysis equipment and software radio technology,it is possible to obtain the data stream via the signal detection and signal analysis in wireless communication process.But the military communication system often uses proprietary protocols which make it almost impossible to find valuable information in protocol data.Encouraged with the fact that the traditional protocol reverse analysis mainly relies on the ineffective artificial method,many researchers are researching automated protocol reverse technologies to find an efficient to analyze the unknown protocol format and to acquire valuable information.This paper focuses on key technologies of wireless communication protocol reverse analysis.Owing to the existing reverse analysis method of wireless communication protocol has several problems such as the highly dependence on sample completeness and prior knowledge,low computation efficiency and low accuracy of analysis results,lacking of in-depth analysis of the protocol characteristics or a systematic analysis program,this thesis solves the wireless communication protocol reverse analysis problems,studies key technologies under the circumstance lack of prior knowledge support,works on how to extract protocol frame structure,to divide protocol frame types and to abstract protocol keywords;it also contributes to the key techs on the generation of the protocol message format tree and the protocol message semantic analysis,to predict the protocol message format in the case of incomplete data samples;it investigates the method of protocol state machine inference;it designed and realizes the a reverse analysis system of wireless communication protocol.The main tasks and innovation points of this paper stand as follows: A method for analyzing the frame structure of wireless communication protocol is proposed.First of all,for the Long Frame Sequence,the paper puts forward the Frame Segmentation Algorithm based on correlation analysis;for the Long Variable Frame,it puts forward the Frame Segmentation Algorithm based on the synchronization code exaction.Then,the Protocol Keyword Extraction Algorithm based on the weighted association rule analysis is proposed.Lastly,pointing at the difficult classification problem of frame types,on the foundation of using a special group of Gay Code to process data,the paper proposes the Frame Classification Algorithm of Weight Clustering and the Frame Classification Algorithm of Density Clustering respectively.The frame structure analysis method proposed in this paper does not rely on any prior knowledge which is closely attached to the frame structure features of wireless communication,boasting a strong analysis method generality.We also studied the key techniques to extract the protocol message format.Firstly,the paper puts forward the message protocol analysis method based on the Sequence Alignment whose message protocol tree can reflect the Keyword Distribution and Domain Values;combined with wireless communication protocol,it brings about an Algorithm of Section Searching Double Sequence Comparison.Then,based on the theme model,a Message Protocol Modeling Method is proposed in order to acquire message semantics information,also by this model that completes the analysis of time distribution features of Message Format and the differences of Message Sequence Format.Finally,a message format prediction method based on Hidden Markov Model is proposed,which can predict the protocol message format in the case of incomplete samples.An Inference Method of both active and passive state machine is proposed,which can obtain the abstract description of the Protocol Behavior Specification.Firstly,utilizing the analysis of traffic flow,a Protocol Session Phase Partitioning Algorithm is proposed to solve the problem of the low efficiency of the state machine owing to the large quantity sample.Then,in view of the existing generalization problem of Passive Inference Algorithm,by marking the number of output and input,the reduction process of the State Machine is being restrained;pointing at problems of the query sequence generation difficulty during the Active Inference Algorithm and low query efficiency,a Fuzzy Test Technology is introduced to assist the Test Column Generation,and by caching mechanism the queries times is reduced.Finally,the actual test is carried out in the wireless test environment,verifying the feasibility of this method.In the end,a reverse analysis system of wireless communication protocol is designed out and proved a success.This system adopts a variety of analysis methods,but do not rely on single prior knowledge.And by analyzing communication protocol data stream,it extracts the Target Protocol Message Format and State Machine Information.