
Research On Network Protocol Automation Reverse Analysis Technology

Posted on: 2014-10-04 | Degree: Master | Type: Thesis
Country: China | Candidate: Z G Wang | Full Text: PDF
GTID: 2268330425980621 | Subject: Computer system architecture
Abstract/Summary:
In recent years, with the global spread of networking, many aspects of national military affairs, politics, the economy, and society have become increasingly inseparable from the Internet. Because network attacks are low-cost and high-reward, and because current network security is vulnerable, the network has become the main target of hacker attacks. Hackers often use protocol vulnerabilities to attack and destroy the target system, and the network is facing unprecedented security challenges.

At present, network protocols are increasingly complex, which causes traditional protocol analysis methods to fail and makes reverse engineering of a target network protocol consume more and more time and manpower. An automated reverse analysis system for network protocols is therefore urgently needed. On the one hand, such a system can obtain results or intermediate results automatically and quickly, saving manpower and time. On the other hand, it can make up for the oversights and shortcomings of manual reversing through a standardized reverse process and binary comparison analysis.

This thesis mainly addresses the analysis of strongly interactive protocols (such as instant messaging protocols and P2P protocols). It proposes a protocol analysis method based on a network protocol automated reverse analysis system, and designs that system. The method first obtains IP addresses, domain names and other key information through automated static reverse analysis, and then obtains the packet structure and the key interaction process of the protocol through automated dynamic protocol tracking analysis; the results are also used for protocol identification and detection. The accuracy and validity of the method are evaluated in experiments on real traffic from instant messaging protocols (such as QQ, G Talk) and P2P file sharing protocols (such as Thunder and BT).

The experimental results show that the precision rate and recall rate are higher than 94.9% and 92.1% respectively, and that the method needs only 8.7% of the packets or 0.9% of the byte content of the real traffic.
Keywords/Search Tags: network protocol, automated reverse, strong interactive protocol, flow identification, flow classification