Abstract:

Since traditional protocol fingerprinting methods are usually time-consuming and cannot properly extract or recognize cryptographic protocols, we propose a novel protocol fingerprinting method based on protocol deviation. Protocol deviation describes the network behavior differentiations between different protocol implementations. Based on the dynamic binary analysis technology, the proposed method extracts protocol characteristics from the session stream level and the message level of protocol deviation. Experimental results show that the proposed method is not only feasible, but also provides a new idea for the fingerprinting of cryptographic protocol applications.

Key words: protocol deviation;protocol reverse engineering;protocol fingerprint;protocol signature