| At present,the network protocol reverse analysis has a wide range of applications in the field of security.The use of protocol reverse analysis technology can analyze the security of network protocols,exploit network vulnerabilities and intrusion detection of unknown protocols.The protocol reverse analysis method based on dynamic binary analysis can effectively deal with software packers,code obfuscation and data encryption.The analysis results are highly accurate and have become hotspots in the field of reverse protocols.Reverse analysis of protocol based on dynamic binary analysis usually uses the method of dynamic taint analysis to obtain the information needed by the protocol reverse,but the existing dynamic taint analysis technology is deficient in the supportive protocol reverse work.On the other hand,the existing dynamic stain analysis technology does not consider the dependence of the protocol fields on the accuracy of the analysis results.Based on this,this paper aims at the application of reverse analysis of network protocols,and optimizes and improves the existing dynamic stain analysis techniques.The main research results are as follows:1)In view of the reverse requirement of the protocol field format,a stain information record format oriented to the protocol reversal is designed and implemented.The reverse process of the protocol field needs the support of the semantic information of the protocol data.In the existing dynamic tainting analysis technology,only the instruction information related to the tainted data is recorded,and the record of the information related to the instruction operand is ignored.The stain information record format designed in this paper can fully record the semantic information of the protocol data,and thus lay a good foundation for reversely formatting the protocol field.2)Based on the DECAF platform,the dynamic sequence analysis technology is used to obtain the sequence of commands related to protocol data processing.During the experiment,the host computer interacts with the virtual machine program to communicate with the network data,and marks the virtual machine network card as the pollution source,ensuring the integrity of the smudge data and improving the accuracy of protocol analysis.3)Combined with the analysis of the source code of web applications,the problem of "less pollution" caused by the control of smudge data during dynamic tainting analysis was explored.In-depth study of the causes of the problem of "less pollution" and put forward the "temporary stain data-confirmation mechanism" model to solve this problem.The dynamic stain analysis prototype system is implemented based on DECAF platform.The experimental results show that the improved dynamic stain analysis technology traverses more instruction sequences than the original dynamic stain analysis technology,and achieves a higher path coverage and thus higher Accuracy?... |
PDF Full Text Request