Research On Binary Protocol Reverse Method Based On Deep Learning

With the growth of network equipment,the security of network access environment has become particularly important.Many network security technologies,such as fuzzy testing and intrusion detection,have attracted more and more attention.However,the accuracy and scalability of this kind of security technology depend on the understanding of the protocol.By extracting the unknown protocol format information through the protocol reverse analysis technology,the processing ability of this kind of security technology for unknown protocols can be improved.By analyzing the change features of protocol fields,a field sequence coding method for field change features is proposed.The main purpose of this coding method is to exclude the influence of field values on classification.Practical training tests show that the coding method has better accuracy and convergence speed.Based on this encoding method,the LSTM-FCN model,which is widely used in time series classification,is improved.With the help of the ability of extracting sequence features from LSTM-FCN model,the DigitalLSTM-FCN model for sequence classification of protocol fields is realized.Based on this model,a new reverse scheme of binary protocol based on deep learning is proposed.In this scheme,Dual-LSTM-FCN model is used as the field sequence classifier,and then the degree of field type aggregation is used as the evaluation criterion to select the fields which most conform the features of the known field type.And then calculate the boundaries and types of unknown protocol fields.In the experiment,the accuracy and recall rate of Dual-LSTM-FCN model in different protocol fields are more than 85%,which shows that the model has the ability to identify different protocol field types according to the field change characteristics.In the reverse experiment of IP and TCP protocols,the protocol reverse scheme based on this model also identifies the fields and types of protocols accurately,which proves that the scheme basically realizes the reverse of binary protocols.