發(fā)布時間：2018-08-21 09:41

【摘要】：在網(wǎng)絡(luò)信息攻防安全領(lǐng)域中,協(xié)議逆向解析一直是研究的熱點。通用標準類協(xié)議的檢測識別技術(shù)已經(jīng)日趨成熟,而私有協(xié)議在民用、軍事等通信設(shè)備通信交互的過程中也有著較為廣泛的應(yīng)用,但由于缺乏標準協(xié)議文檔的參考,其相關(guān)的逆向解析的研究并不多見。從網(wǎng)絡(luò)安全防御的角度而言,為了測試其在遭受網(wǎng)絡(luò)攻擊時的安全性與復(fù)雜應(yīng)用環(huán)境下的健壯性,有關(guān)私有協(xié)議的研究也受到越來越多的重視。民用小型無人機的測控過程較為私密,主要的應(yīng)用協(xié)議屬于私有協(xié)議范疇。因此,不能簡單地通過利用已有協(xié)議特征庫匹配識別等傳統(tǒng)研究手段來進行其測控類協(xié)議格式的還原以及相關(guān)字段語義表達的推斷。針對于此,本文從報文序列分析的角度著手,以比特流報文數(shù)據(jù)為研究對象,利用數(shù)據(jù)統(tǒng)計分析以及其他數(shù)據(jù)挖掘處理手段,結(jié)合飛行記錄文檔(第三方監(jiān)控描繪的無人機飛行軌跡以及飛行狀態(tài)變化信息),實現(xiàn)對民用小型無人機私有測控類協(xié)議的逆向解析。協(xié)議逆向解析大致分為三個階段。第一階段,通過參照一些良好規(guī)范的測控協(xié)議設(shè)計,設(shè)計參數(shù)可調(diào)、字段完備、協(xié)議實體可擴展的私有無人機測控協(xié)議范本。然后在仿真平臺上實現(xiàn)無人機飛行狀態(tài)的簡單建模,模擬仿真出無人機飛行任務(wù)過程中與地面基站之間的測控會話數(shù)據(jù)(比特流形式)。第二階段,首先對測控兩類混合報文數(shù)據(jù)進行簡單的分類,然后通過數(shù)據(jù)統(tǒng)計繪圖分析、KMP模式串匹配、改進的Apriori關(guān)聯(lián)規(guī)則挖掘算法以及Needleman-Wunsch序列比對等方法實現(xiàn)字段域結(jié)構(gòu)劃分、字段定界以及語義推斷。第三階段則是通過引入飛行記錄文檔等先驗知識,對協(xié)議格式還原及字段語義推斷進行更為深入的解析。通過對多類未知的自定義協(xié)議樣本數(shù)據(jù)的測試實驗,并對解析結(jié)果給出客觀的分析及評估,驗證確保了協(xié)議逆向解析方法的有效性。
[Abstract]:In the field of network information attack and defense security, protocol reverse resolution has been a hot topic. The detection and identification technology of generic standard protocols has become more and more mature, and private protocols have been widely used in the communication interaction process of civilian, military and other communication devices. However, due to the lack of reference to standard protocol documents, private protocols are widely used in communication interaction between civil and military communication devices. The research on reverse analysis is rare. From the point of view of network security defense, in order to test the security of network attack and the robustness of complex application environment, the research on private protocol has been paid more and more attention. The measurement and control process of civilian small UAV is private, and the main application protocols belong to private protocol. Therefore, we can not simply use the traditional research means such as matching and identifying the existing protocol signature database to restore the format of its measurement and control protocols and infer the semantic expression of related fields. In this paper, from the point of view of message sequence analysis, we take the bitstream message data as the research object, and use the data statistical analysis and other data mining processing methods. Combined with flight record documents (the flight trajectory and flight state change information of UAV described by third party monitoring), the reverse analysis of private TT & C protocols for civilian small UAVs is realized. Protocol reverse parsing can be divided into three stages. In the first stage, by referring to some good standard measurement and control protocol design, the design parameters can be adjusted, the field is complete, and the protocol entity can be extended to private UAV measurement and control protocol model. Then the simple modeling of UAV flight state is realized on the simulation platform, and the measurement and control session data (bit stream form) between UAV mission and ground base station are simulated. In the second stage, the two kinds of mixed message data are classified simply, then the field domain structure is divided by statistical drawing analysis, improved Apriori association rule mining algorithm and Needleman-Wunsch sequence alignment. Field demarcation and semantic inference. In the third stage, by introducing prior knowledge such as flight record documents, the protocol format restoration and field semantic inference are analyzed more deeply. Based on the test results of many kinds of unknown custom protocol sample data and the objective analysis and evaluation of the analytical results, it is verified that the validity of the protocol reverse parsing method is ensured.
【學(xué)位授予單位】：西南交通大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：V279;V249;TP393.08

【參考文獻】

相關(guān)期刊論文 前10條

1 董青嶺;;網(wǎng)絡(luò)空間威懾研究及其關(guān)鍵問題[J];信息安全研究;2016年10期

2 陳偉東;黃祖泉;陳傳波;張偉平;吳濤;;網(wǎng)絡(luò)防御和不重復(fù)子串模式匹配算法研究實現(xiàn)[J];計算機技術(shù)與發(fā)展;2016年07期

3 雷東;王韜;趙建鵬;馬云飛;;面向比特流的未知協(xié)議識別與分析技術(shù)綜述[J];計算機應(yīng)用研究;2016年11期

4 宋錚;王永劍;金波;林九川;;二進制程序動態(tài)污點分析技術(shù)研究綜述[J];信息網(wǎng)絡(luò)安全;2016年03期

5 辛偉;時志偉;郝永樂;董國偉;;基于污點分析和符號執(zhí)行的漏洞簽名生成方法[J];清華大學(xué)學(xué)報(自然科學(xué)版);2016年01期

6 劉淵;張春瑞;孟凡治;李桐;岳e，

本文編號：2195312