Network protocol reverse based on human-machine collaboration and iterative analysis
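Ma Chunlai (马春来) 1, Wang Qun (王群) 2, Sun Zhonghao (孙中豪) 3, Wang Zhanfeng (王占丰) 4, Hu Chao (胡超) 5
Author information
- 1. College of Electronic Countermeasures, National University of Defense Technology, Hefei 230037
- 2. Zhejiang Shuren University, Hangzhou, Zhejiang 310015
- 3. National Computer Network and Information Security Management Center, Beijing 100029
- 4. 南京莱克贝尔信息技术有限公司 (an information technology company), Nanjing, Jiangsu 210014
- 5. Army Engineering University, Nanjing, Jiangsu 210007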
Abstract
Protocol reverse analysis plays a significant role in the field of network security. Existing methods rely primarily on computers for automated inference and do not consider the information gain that the intervention of human experiential knowledge may bring, so their accuracy is low. In light of this, a network protocol reverse method based on human-machine collaboration and iterative analysis is proposed. The method builds on a human-machine collaborative protocol reverse analysis framework and uses XML to represent human experiential knowledge. By iteratively correcting the results of each analysis phase, it overcomes the low accuracy of protocol lexical, syntactic and state machine inference caused by the lack of knowledge assistance. Experiments and a comparative analysis were carried out using typical industrial control protocol data samples as examples, and the results demonstrate the effectiveness and feasibility of the method.
Key words
network protocol reverse / human-machine collaboration / knowledge representation / iterative analysis
Publication year
2024