
Research Of Net-trace Based Network Protocol Reverse Engineering Technology

Posted on: 2013-10-20
Degree: Master
Type: Thesis
Country: China
Candidate: L Zhang
GTID: 2248330392957882
Subject: Information security
Abstract/Summary:
Private protocols, whose details are an important technical basis for network security, lack official descriptions. Protocol reverse engineering is proposed to address this: it is the process of extracting the grammar, syntax and semantics of a protocol by monitoring and analyzing the network input/output, system behavior and instruction execution process of the protocol entities, without knowing any description of the protocol.

Because manual extraction of protocol information is complex and time-consuming, an automatic net-trace based protocol reverse engineering technology is proposed. It consists of two main parts: message format identification and state machine construction. Message format identification uses a two-step classification of packets and an improved sequence alignment algorithm, which improve the accuracy of the message format. State machine construction proposes a new state machine inference method, which solves the problem of information loss and error. Finally, this paper implements a protocol reverse engineering prototype, which outputs a detailed description of unknown protocols through multiple stages of work, providing a basis for further understanding.

Test results on the FTP, TNS and SMB protocols show that this method is more accurate than previous work, is of great value in network applications, and can improve the security of network protocols.
Keywords/Search Tags: Protocol Reverse Engineering, Packet Classification, Multiple Sequence Alignment, State Machine Inferring