| Mining unknown protocol packet formats is a very effective way to improve network security, especially in promotingthe accuracy of network Fuzz testing. However,researches on reverse engineering of unknown protocol formatmostly depend on manual analysis, whichis extremely time consuming and low efficiency.We make some improvements based on the Length of progressive algorithm, the original method only pairwise comparison, we improving it tosupport multiple sequences comparison, making it more responsive to extract packet characteristics, while more efficient than the original method on efficiency and accuracy. This method has four processes, theyare the threshold assumption, the TLV structure inference, determinethe optimal structure and infertype of field. Threshold means the number of Tag field’s type, we infer the structure of packet under this threshold, get the most optimal one. We can use this method to get an unknown protocol format automatically, which can use on Fuzz testing.In order to verify the performance of our algorithm, we use get-request data packets of SNMP v1protocol as samples for testing, then comparethe experimental results to the standard RFC. The experimental results show that this method can get structure information of the original message in the case of less time consuming, and can provide a better basis for network Fuzz testing and network security, there is a certain value. |
PDF Full Text Request