• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2015, Vol. 37 ›› Issue (04): 682-691.


Extraction and recognition of program protocol fingerprints based on protocol deviation

李美剑,王勇军,解培岱,黄志坚   

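  1. (College of Computer, National University of Defense Technology, Changsha, Hunan 410073)
  • Received: 2013-11-01 Revised: 2014-02-24 Online: 2015-04-25 Published: 2015-04-25
  • Supported by:

    Specialized Research Fund for the Doctoral Program of Higher Education of the Ministry of Education (20124307110014)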

Extraction and recognition of protocol fingerprint based on protocol deviation

LI Meijian, WANG Yongjun, XIE Peidai, HUANG Zhijian

  1. (College of Computer, National University of Defense Technology, Changsha 410073, China)
  • Received: 2013-11-01 Revised: 2014-02-24 Online: 2015-04-25 Published: 2015-04-25

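Abstract:

To address the problem that traditional protocol fingerprint extraction is time-consuming and labor-intensive and cannot extract or recognize the fingerprints of encrypted protocols, this paper proposes a method for automatically extracting program protocol fingerprints based on protocol deviation. Protocol deviation describes the differences in network behavior among the programs that implement the various versions of a protocol. Supported by dynamic binary analysis, protocol features are extracted at two levels: the protocol-deviation session flow level and the deviation message level. The experimental results not only verify the feasibility of the proposed method but also offer a new approach to extracting and recognizing the fingerprints of applications that use encrypted protocols.

Keywords: protocol deviation, protocol reverse engineering, protocol fingerprint, protocol feature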

Abstract:

Since traditional protocol fingerprinting methods are usually time-consuming and cannot properly extract or recognize cryptographic protocols, we propose a novel protocol fingerprinting method based on protocol deviation. Protocol deviation describes the differences in network behavior between different implementations of a protocol. Building on dynamic binary analysis, the proposed method extracts protocol characteristics at two levels of protocol deviation: the session stream level and the message level. Experimental results show that the proposed method is not only feasible but also provides a new approach to fingerprinting cryptographic protocol applications.

Key words: protocol deviation; protocol reverse engineering; protocol fingerprint; protocol signature