本文選題：數(shù)據(jù)流分析　切入點(diǎn)：網(wǎng)絡(luò)協(xié)議逆向　出處：《計(jì)算機(jī)應(yīng)用》2013年05期

【摘要】：對(duì)未知網(wǎng)絡(luò)協(xié)議進(jìn)行逆向解析在網(wǎng)絡(luò)安全應(yīng)用中具有重要的意義。現(xiàn)有的協(xié)議逆向解析方法大都存在無(wú)法處理加密協(xié)議和無(wú)法獲取協(xié)議字段語(yǔ)義信息的問(wèn)題。針對(duì)這一問(wèn)題,提出并實(shí)現(xiàn)了一種基于數(shù)據(jù)流分析的網(wǎng)絡(luò)協(xié)議解析技術(shù)。該技術(shù)依托動(dòng)態(tài)二進(jìn)制插樁平臺(tái)Pin下編寫(xiě)的數(shù)據(jù)流記錄插件,以基于數(shù)據(jù)關(guān)聯(lián)性分析的數(shù)據(jù)流跟蹤技術(shù)為基礎(chǔ),對(duì)軟件使用的網(wǎng)絡(luò)通信協(xié)議進(jìn)行解析,獲取協(xié)議的格式信息,以及各個(gè)協(xié)議字段的語(yǔ)義。實(shí)驗(yàn)結(jié)果證明,該技術(shù)能夠正確解析出軟件通信的協(xié)議格式,并提取出各個(gè)字段所對(duì)應(yīng)的程序行為語(yǔ)義,尤其對(duì)于加密協(xié)議有不錯(cuò)的解析效果,達(dá)到了解析網(wǎng)絡(luò)協(xié)議的目的。
[Abstract]:Reverse analysis of unknown network protocols is of great significance in network security applications.Most of the existing protocol reverse parsing methods are unable to deal with encryption protocols and can not obtain semantic information of protocol fields.In order to solve this problem, a network protocol parsing technique based on data flow analysis is proposed and implemented.Based on the data flow tracking technology based on data association analysis, this technology analyzes the network communication protocols used by software, and obtains the format information of the protocols by relying on the data stream recording plug-in written under the dynamic binary piling platform Pin.And the semantics of each protocol field.The experimental results show that this technique can correctly parse the protocol format of the software communication and extract the corresponding program behavior semantics of each field, especially for the encryption protocol has a good parsing effect, and achieve the purpose of parsing the network protocol.
【作者單位】： 信息工程大學(xué);
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 何永君;舒輝;熊小兵;;基于動(dòng)態(tài)二進(jìn)制分析的網(wǎng)絡(luò)協(xié)議逆向解析[J];計(jì)算機(jī)工程;2010年09期

2 潘t，

本文編號(hào)：1721796