دوره 16، شماره 2 - ( 6-1398 )
جلد 16 شماره 2 صفحات 40-19 |
برگشت به فهرست نسخه ها
مجتمع فناوری اطلاعات، ارتباطات و امنیت، دانشگاه صنعتی مالک اشتر
چکیده: (3631 مشاهده)
مهندسی معکوس برنامههای کاربردی شبکه، بهخصوص از دیدگاه امنیت، بسیار مورد توجه قرار گرفته و اهمیت بالایی دارد. بسیاری از برنامههای کاربردی شبکه، از پروتکلهای خاصی را که ویژگیهای آنها برای عموم در دسترس نیست، استفاده میکنند. مهندسی معکوس این برنامههای کاربردی، میتواند اطلاعات مورد نیاز برای فهم پروتکلهای ناشناخته مستقر در آنها فراهم کند؛ دسترسی به این اطلاعات میتواند بسیاری از وظایف، از جمله بازبینی عمیق پروتکل در نسل جدید دیوارههای آتش و تحلیل کدهای دودویی مشکوک را تسهیل کند. با این وجود، اگرچه پژوهشهای بسیاری در این زمینه انجام شده، اما این پژوهشها در بیشتر موارد فقط بر استخراج ساختار نحوی پیامهای پروتکل متمرکز شدهاند. در این مقاله، روشهای جدیدی برای بهبود استخراج ساختار نحوی و معنایی پیامهای پروتکل از طریق مهندسی معکوس کد دودویی برنامههای کاربردی شبکه ارائه شده است. برای این کار، از ترکیب تحلیل پویا و ایستای کدهای دودویی استفاده میشود. بهمنظور ارزیابی روشهای پیشنهادی، چهار پروتکل مختلف لایه کاربرد شامل DNS، eDonkey، Modbus و Stun تحلیل شده است. نتیجه آزمایشها نشان میدهد که روشهای پیشنهادی، نهتنها میتوانند ساختار نحوی پیام را کاملتر از روشهای مشابه استخراج کنند، بلکه معانی سودمندی از پیامهای پروتکل نیز استخراج میکنند که در روشهای قبلی قابل دستیابی نیست.
نوع مطالعه: پژوهشي |
موضوع مقاله:
مقالات گروه امنیت اطلاعات
دریافت: 1396/2/17 | پذیرش: 1398/4/9 | انتشار: 1398/6/26 | انتشار الکترونیک: 1398/6/26
دریافت: 1396/2/17 | پذیرش: 1398/4/9 | انتشار: 1398/6/26 | انتشار الکترونیک: 1398/6/26
فهرست منابع
1. [1] J. Caballero, D. Song, "Automatic protocol reverse-engineering: Message format extraction and field semantics inference", Computer Networks, vol. 57(2), pp. 451-474, 2013. [DOI:10.1016/j.comnet.2012.08.003]
2. [2] M. Beddoe, "The Protocol Informatics Project", in Toorcon, 2004.
3. [3] W. Cui, J. Kannan, H. J. Wang, "Discoverer: Automatic Protocol Reverse Engineering from Network Traces", in Proceedings of the USENIX Security Symposium, Boston, MA, pp. 199-212, August 2007.
4. [4] Y. Wang, X. Yun, and M. Z. Shafiq, L. Wang, A. X. Liu, Z. Zhang, D. Yao, Y. Zhang, L. Guo, "A semantics aware approach to automated reverse engineering unknown protocols", in 20th IEEE International Conference on Network Protocols (ICNP), pp. 1-10, October 2012. [DOI:10.1109/ICNP.2012.6459963]
5. [5] F. Pan, Z. Hong, Y. Du, L. Wu, "Efficient Protocol Reverse Method Based on Network Trace Analysis", International Journal of Digital Content Technology and its Applications, vol.6(20), 201, November 2012. [DOI:10.4156/jdcta.vol6.issue20.22]
6. [6] G. Bossert, F. Guihéry, and G. Hiet, "Towards automated protocol reverse engineering using semantic information", in Proceedings of the 9th ACM symposium on Information, computer and communications security, pp. 51-62, ACM, June 2014. [DOI:10.1145/2590296.2590346]
7. [7] Luo X, Chen D, Wang Y, Xie P, "A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering", Sensors 19, no. 3, p.716, January 2019. [DOI:10.3390/s19030716] [PMID] [PMCID]
8. [8] S Kleber, H Kopp, F Kargl, "NEMESYS: Network Message Syntax Reverse Engineering by Analysis of the Intrinsic Structure of Individual Messages", in 12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018.
9. [9] F Meng, C Zhang, and G Wu, "Protocol reverse based on hierarchical clustering and probability alignment from network traces", in 2018 IEEE 3rd International Conference on Big Data Analysis (ICBDA), pp. 443-447, IEEE, March 2018. [DOI:10.1109/ICBDA.2018.8367724]
10. [10] K.S. Shim, Y.H. Goo, M.S. Lee, H Hasanova, M.S. Kim, "Inference of network unknown protocol structure using CSP (Contiguous Sequence Pattern) algorithm based on tree structure", in NOMS 2018-2018 IEEE/IFIP Network Operations and Management Sympo-sium, pp. 1-4, IEEE, April 2018. [DOI:10.1109/NOMS.2018.8406311]
11. [11] M.S. Lee, K.S. Shim, Y.H. Goo, M.S. Kim, "A Study on the Method to Extract Clear Fields From the Private Protocol", in 2018 International Conference on Information and Communication Technology Convergence (ICTC), pp. 1397-1402, IEEE, October 2018. [DOI:10.1109/ICTC.2018.8539357]
12. [12] J. Caballero, H. Yin, and Z. Liang, D. Song. "Polyglot: Automatic extraction of protocol message format using dynamic binary analysis", in Proceedings of the 14th ACM conference on Computer and communications security, Alexandria, VA, pp. 317-329, October 2007. [DOI:10.1145/1315245.1315286]
13. [13] Z. Lin, X. Jiang, and D. Xu, X. Zhang, "Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution", in Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, Vol. 8, pp. 1-15, February 2008.
14. [14] F. Pan, L. F. Wu, and Z. Hong, H. B. Li, H. G. Lai, C. H. Zheng, "Icefex: Protocol Format Extraction from IL-based Concolic Execution", KSII Transactions on Internet & Information Systems, 7(3), 2013. [DOI:10.3837/tiis.2013.03.010]
15. [15] Y. Yang, K. McLaughlin, and S. Sezer, T. Littler, E. G. Im, B. Pranggono, H. F. Wang, "Multiattribute SCADA-specific intrusion detection system for power networks", in IEEE Transactions on Power Delivery, 29(3), 1092-1102, 2014. [DOI:10.1109/TPWRD.2014.2300099]
16. [16] V. Yegneswaran, J. T. Giffin, and P. Barford, S. Jha, "An architecture for generating semantics-aware signatures", in Proceedings of Usenix Security Symposium 2005, pp. 34-43, August 2005. [DOI:10.21236/ADA449063]
17. [17] A. Aho, M. Lam, R. Sethi, and J. D. Ullman, "Compilers: Principles, techniques, and tools", 2nd ed., Addison Wesley, Boston, 2006.
18. [18] "TEMU: The BitBlaze Dynamic Analysis Component", Available: http://bitblaze.cs.berk-eley.edu/temu, [Accessed: March 2019].
19. [19] "Qemu: Open source processor emulator" Available: http://wiki.qemu.org, [Accessed: March 2019].
20. [20] "Buster Sandbox Analyser", Available: http://bsa.isoftware.nl/, [Accessed: March 2019].
21. [21] "IDA Pro", Available: https://www.hex-rays.com, [Accessed: March 2019].
22. [22] "Zynamics, Binnavi- binary code reverse engineering tool", Available: http://www.zyna-mics.com/binnavi.html, [Accessed: March 2019].
23. [23] "Resource Tuner 2.04 - Resource Editor for EXE and DLL Resource Files. Edit Icon Resources, Replace Strings, Change Bitmaps", Available: http://restuner.com/, [Accessed: March 2019].
24. [24] "Wireshark•Go Deep", Available: http-s://www.wireshark.org , [Accessed: March 2019].
25. [25] J. Caballero, D. Song, "Automatic protocol reverse-engineering: Message format extraction and field semantics inference", Computer Networks, 57(2), pp. 451-474, 2013. [DOI:10.1016/j.comnet.2012.08.003]
26. [26] M. Beddoe, "The Protocol Informatics Project", in Toorcon, 2004.
27. [27] W. Cui, J. Kannan, H. J. Wang, "Discoverer: Automatic Protocol Reverse Engineering from Network Traces", in Proceedings of the USENIX Security Symposium, Boston, MA, pp. 199-212, August 2007.
28. [28] Y. Wang, X. Yun, and M. Z. Shafiq, L. Wang, A. X. Liu, Z. Zhang, D. Yao, Y. Zhang, L. Guo, "A semantics aware approach to automated reverse engineering unknown protocols", in 20th IEEE International Conference on Network Protocols (ICNP), pp. 1-10, October 2012. [DOI:10.1109/ICNP.2012.6459963]
29. [29] F. Pan, Z. Hong, Y. Du, L. Wu, "Efficient Protocol Reverse Method Based on Network Trace Analysis", International Journal of Digital Content Technology and its Applications, 6(20), 201, November 2012. [DOI:10.4156/jdcta.vol6.issue20.22]
30. [30] G. Bossert, F. Guihéry, and G. Hiet, "Towards automated protocol reverse engineering using semantic information", in Proceedings of the 9th ACM symposium on Information, computer and communications security, pp. 51-62, ACM, June 2014. [DOI:10.1145/2590296.2590346]
31. [31] Luo X, Chen D, Wang Y, Xie P, "A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering", Sensors 19, no. 3, p.716, January 2019. [DOI:10.3390/s19030716] [PMID] [PMCID]
32. [32] S Kleber, H Kopp, F Kargl, "NEMESYS: Network Message Syntax Reverse Engineering by Analysis of the Intrinsic Structure of Individual Messages", in12th USENIX Workshop on Offensive Technologies (WOOT 18), 2018.
33. [33] F Meng, C Zhang, G Wu, "Protocol reverse based on hierarchical clustering and probability alignment from network traces", in 2018 IEEE 3rd International Conference on Big Data Analysis (ICBDA), pp. 443-447, IEEE, March 2018. [DOI:10.1109/ICBDA.2018.8367724]
34. [34] K.S. Shim, Y.H. Goo, M.S. Lee, H Hasanova, M.S. Kim, "Inference of network unknown protocol structure using CSP (Contiguous Sequence Pattern) algorithm based on tree structure", in NOMS 2018-2018 IEEE/IFIP Network Operations and Management Sympo-sium, pp. 1-4, IEEE, April 2018. [DOI:10.1109/NOMS.2018.8406311]
35. [35] M.S. Lee, K.S. Shim, Y.H. Goo, M.S. Kim, "A Study on the Method to Extract Clear Fields From the Private Protocol", in 2018 International Conference on Information and Communication Technology Convergence (ICTC), pp. 1397-1402, IEEE, October 2018. [DOI:10.1109/ICTC.2018.8539357]
36. [36] J. Caballero, H. Yin, and Z. Liang, D. Song. "Polyglot: Automatic extraction of protocol message format using dynamic binary analysis", in Proceedings of the 14th ACM conference on Computer and communications security, Alexan-dria, VA, pp. 317-329, October 2007. [DOI:10.1145/1315245.1315286]
37. [37] Z. Lin, X. Jiang, and D. Xu, X. Zhang, "Automatic Protocol Format Reverse Enginee-ring through Context-Aware Monitored Execu-tion", in Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, Vol. 8, pp. 1-15, February 2008.
38. [38] F. Pan, L. F. Wu, and Z. Hong, H. B. Li, H. G. Lai, C. H. Zheng, "Icefex: Protocol Format Extraction from IL-based Concolic Execution", KSII Transactions on Internet & Information Systems, 7(3), 2013. [DOI:10.3837/tiis.2013.03.010]
39. [39] Y. Yang, K. McLaughlin, and S. Sezer, T. Littler, E. G. Im, B. Pranggono, H. F. Wang, "Multiattribute SCADA-specific intrusion detec-tion system for power networks", in IEEE Transactions on Power Delivery, 29(3), 1092-1102, 2014. [DOI:10.1109/TPWRD.2014.2300099]
40. [40] V. Yegneswaran, J. T. Giffin, and P. Barford, S. Jha, "An architecture for generating semantics-aware signatures", in Proceedings of Usenix Security Symposium 2005, pp. 34-43, August 2005. [DOI:10.21236/ADA449063]
41. [41] A. Aho, M. Lam, and R. Sethi, J. D. Ullman, "Compilers: Principles, techniques, and tools", 2nd ed., Addison Wesley, Boston, 2006.
42. [42] "TEMU: The BitBlaze Dynamic Analysis Component", Available: http://bitblaze.cs.berke-ley.edu/temu, [Accessed: March 2019].
43. [43] "Qemu: Open source processor emulator" Available: http://wiki.qemu.org, [Accessed: March 2019].
44. [44] "Buster Sandbox Analyser", Available: h-ttp://bsa.isoftware.nl/, [Accessed: March 2019].
45. [45] "IDA Pro", Available: https://www.hex-rays.com, [Accessed: March 2019].
46. [46] "Zynamics, Binnavi- binary code reverse engineering tool", Available: http://www.zy-namics.com/binnavi.html, [Acce-ssed: March 2019].
47. [47] "Resource Tuner 2.04 - Resource Editor for EXE and DLL Resource Files. Edit Icon Resources, Replace Strings, Change Bitmaps", Available: http://restuner.com/, [Accessed: March 2019].
48. [48] "Wireshark•Go Deep", Available: https://ww-w.wireshark.org , [Accessed: March 2019].
| بازنشر اطلاعات | |
 |
این مقاله تحت شرایط Creative Commons Attribution-NonCommercial 4.0 International License قابل بازنشر است. |