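Network Protocol Reverse Parsing Technique Based on Data Flow Analysis
Published: 2018-04-08 13:19
Topic of this paper: data flow analysis. Entry point: network protocol reverse engineering. Source: 《計算機應用》 (Journal of Computer Applications), 2013, Issue 05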
[Abstract]: Reverse parsing of unknown network protocols is of great significance in network security applications. Most existing protocol reverse-parsing methods cannot handle encrypted protocols and cannot obtain the semantic information of protocol fields. To address this problem, a network protocol parsing technique based on data flow analysis is proposed and implemented. The technique relies on a data flow recording plug-in written for the dynamic binary instrumentation platform Pin and builds on data flow tracking based on data association analysis. It parses the network communication protocol used by a piece of software and obtains the protocol's format information as well as the semantics of each protocol field. The experimental results show that the technique correctly parses the protocol format of the software's communication and extracts the program behavior semantics corresponding to each field. It gives good parsing results for encrypted protocols in particular, and achieves the purpose of parsing the network protocol.
[Author affiliation]: Information Engineering University;
[Classification number]: TP393.08
Article ID: 1721796
Article link: http://sikaile.net/guanlilunwen/ydhl/1721796.html