| Specifcations of network protocols are very important for intrusion detection, fuzztest and protocol reuse. But much of these protocols using in network are closed, there isno official descriptions, for this reason, researchers propose the protocol reverseengineering. The research of protocol reverse engineering keep trying to establish a set ofcommonly used method, which can automatically analyze the network protocols and getits technical specifications.Most of recent researches focus in message analysis, leave the protocol state machineinference for future work. In the field of protocol state machine inference, mostly useoffline algorithm, little of research use online algorithm. Protocol reverse engineeringbased on online algorithm can query further messages to get more complete model.Improved online algorithm NL~*, using a high-efficiency way to process counter example,can reduce the complexity of constructing automate, and decrease the number of membership query. In addition, two modifications of online algorithm are used in the reverseengineering process, learning basic sets and use protocol knowledge to filter number ofmembership queries. These changes make the algorithm has a higher performance.Experiment shows, NL~*needs more membership queries than L*, but improved NL~*appears higher efficiency than L*, cause it always need less membership queries andequivalence queries. Then the three algorithms were used to test FTP and SMTP protocol,the result shows that improved NL~*has a higher performance, and the online algorithmcan get more complete model than offline algorithm. |
PDF Full Text Request