Journal of Computer Applications ›› 2013, Vol. 33 ›› Issue (12): 3486-3489.

• Information Security •

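Protocol state machine reverse method based on labeling state

HUANG Xiaoyan, CHEN Xingyuan, ZHU Ning, TANG Huilin

  1. Information Engineering University, Zhengzhou Henan 450004, China
  • Received: 2013-06-13 Revised: 2013-08-19 Online: 2013-12-31 Published: 2013-12-01
  • Contact: HUANG Xiaoyan
  • About the authors: HUANG Xiaoyan (born 1989), female, from Fuzhou, Fujian; master's student; research interests: information security, protocol reverse engineering.
    CHEN Xingyuan (born 1963), male, from Wuwei, Anhui; professor, Ph.D.; research interests: information security, distributed operating systems.
    ZHU Ning (born 1981), male, from Fushun, Liaoning; lecturer, Ph.D.; research interest: network countermeasures.
    TANG Huilin (born 1980), male, from Zongyang, Anhui; lecturer, M.S.; research interest: information security.
  • Supported by:
    National 973 Program project; Henan Province Science and Technology Innovation Talents Program project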

Abstract: A protocol state machine describes the behavior of a protocol and helps in understanding the protocol's behavioral logic. For text-based protocols, a statistical method is first used to extract the semantic keywords that indicate message type. An adjacency matrix is then used to describe the sequential relationships between message types; protocol states are labeled on the basis of these relationships, and the protocol's state transition diagram is constructed. Experiments show that the method correctly describes the sequential relationships between message types and abstracts an accurate state machine model.

Key words: protocol reverse engineering, protocol semantics, protocol session, protocol state machine, adjacency matrix

CLC Number:
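The pipeline the abstract outlines (message-type keywords, adjacency matrix of type succession, state labeling, transition graph), as an added example that is not the authors' code. The abstract does not give the keyword statistic or the labeling rule, so both are assumptions here, as are the POP3-like sample sessions and all function names.

```python
from collections import Counter

# Constructed POP3-like client traces, one list per session (not data from the paper).
SESSIONS = [
    ["USER alice", "PASS s3cret", "STAT", "RETR 1", "QUIT"],
    ["USER bob", "PASS hunter2", "LIST", "RETR 2", "QUIT"],
    ["USER carol", "PASS pw", "STAT", "QUIT"],
    ["USER dave", "PASS x", "XYZZY 9", "LIST", "QUIT"],  # XYZZY: one-off noise token
]

def msg_type(message):
    return message.split()[0]

def extract_keywords(sessions, min_sessions=2):
    """Assumed statistic: keep leading tokens seen in >= min_sessions sessions."""
    seen = Counter(k for s in sessions for k in {msg_type(m) for m in s})
    return sorted(k for k, n in seen.items() if n >= min_sessions)

def adjacency_matrix(sessions, keywords):
    """A[i][j] = 1 if type j directly follows type i in some session."""
    idx = {k: i for i, k in enumerate(keywords)}
    A = [[0] * len(keywords) for _ in keywords]
    for s in sessions:
        types = [msg_type(m) for m in s if msg_type(m) in idx]
        for a, b in zip(types, types[1:]):
            A[idx[a]][idx[b]] = 1
    return A

def label_states(keywords, A):
    """Assumed rule: types with identical successor rows lead to one state."""
    rows, label = {}, {}
    for k, row in zip(keywords, A):
        label[k] = rows.setdefault(tuple(row), f"S{len(rows) + 1}")
    return label

def transitions(sessions, label):
    """Edges (state, message type, next state); S0 is the initial state."""
    edges = set()
    for s in sessions:
        state = "S0"
        for k in map(msg_type, s):
            if k in label:  # skip tokens that were not accepted as keywords
                edges.add((state, k, label[k]))
                state = label[k]
    return sorted(edges)

if __name__ == "__main__":
    kw = extract_keywords(SESSIONS)
    print(transitions(SESSIONS, label_states(kw, adjacency_matrix(SESSIONS, kw))))
```

On the sample traces, STAT and LIST have the same successor row, so they are labeled with the same state and the resulting graph has five labeled states plus the initial state.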