
Unknown protocol format analysis and vulnerability discovery based on symbolic expressions (cited by: 4)

Automatic network protocol analysis and vulnerability discovery based on symbolic expression
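Abstract (translated from the Chinese): Fuzzing of network communication software is constrained by the protocol format, and for unknown protocols in particular it is difficult to guarantee test effectiveness. To address this, a protocol analysis method based on symbolic expressions is proposed. The key packet-processing code is translated into symbolic expressions, and the rich semantics of those expressions are used to speed up the analysis of unknown protocol formats. On this basis, PAVD, a framework for protocol format analysis and vulnerability discovery, was developed. Vulnerability testing of the eyou (亿邮) client verified that PAVD effectively improves the efficiency of protocol analysis and provides good support for fuzzing network communication software.

Abstract (English, as published): Fuzzing is an efficient method for ensuring software security. However, when one tests network-based software using this method, one may obtain unsatisfactory results because the protocol format is lacking. To solve this problem, we propose a new protocol analysis technique based on symbolic expressions. We use this technique to translate the crucial code into symbolic expressions and accelerate protocol analysis. In addition, we develop a translation framework that performs automatic protocol format analysis and can export the protocol format to the Peach platform. Finally, we apply our framework to analyze one target (the eyou client) and obtain good results.

Source: Journal of the Graduate School of the Chinese Academy of Sciences (《中国科学院研究生院学报》), indexed in CAS, CSCD and the Peking University Core Journals list, 2013, No. 2, pp. 278-284 (7 pages)

Funding: Supported by the National Natural Science Foundation of China (61272481) and the China Postdoctoral Science Foundation (2011M500416, 2012T50152)

Keywords: unknown protocol; fuzzing; symbolic expression; vulnerability discovery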