高级检索
    李峻辰, 程光, 杨刚芹. 基于网络流量的私有协议逆向技术综述[J]. 计算机研究与发展, 2023, 60(1): 167-190. DOI: 10.7544/issn1000-1239.202110722
    引用本文: 李峻辰, 程光, 杨刚芹. 基于网络流量的私有协议逆向技术综述[J]. 计算机研究与发展, 2023, 60(1): 167-190. DOI: 10.7544/issn1000-1239.202110722
    Li Junchen, Cheng Guang, Yang Gangqin. Private Protocol Reverse Engineering Based on Network Traffic: A Survey[J]. Journal of Computer Research and Development, 2023, 60(1): 167-190. DOI: 10.7544/issn1000-1239.202110722
    Citation: Li Junchen, Cheng Guang, Yang Gangqin. Private Protocol Reverse Engineering Based on Network Traffic: A Survey[J]. Journal of Computer Research and Development, 2023, 60(1): 167-190. DOI: 10.7544/issn1000-1239.202110722

    基于网络流量的私有协议逆向技术综述

    Private Protocol Reverse Engineering Based on Network Traffic: A Survey

    • 摘要: 协议逆向技术是分析私有协议的重要途径,基于少量或零先验知识推断私有协议的约束与规范.在恶意应用监管、协议模糊测试、脆弱性检测、通信行为理解等方面均具有较高的实用价值.网络流量表征协议规范,承载协议固有特征,因此基于网络流量的私有协议逆向技术更适用于发现、分析并监管网络上的私有协议.在梳理现有的基于网络流量的私有协议逆向技术基础上,首先提出包括预推理、协议格式推断、语义分析以及协议状态机推理4步骤的基于网络流量的私有协议逆向技术框架,并阐述各个步骤的主要任务,提出面向研究方法本质的分类结构;其次,详细阐述各个私有协议逆向技术的方法流程,从适用协议类型、方法内核、推断算法等多个角度进行对比分析,提供现有基于网络流量的私有协议逆向技术系统概述;最后,归纳总结现有技术存在的问题以及主要影响因素,并对私有协议逆向技术的未来研究方向与应用场景进行展望.

       

      Abstract: Protocol reverse engineering is an important way to analyze private protocols, which can infer the protocol constraints and specifications with little or no prior knowledge, so protocol reverse engineering has practical value in malware supervision, protocol fuzz testing and vulnerability detection, interaction behavior understanding and so on. Network traffic characterizes protocol specifications and bears the inherent characteristics of protocol, so that the private protocol reverse engineering based on network traffic is more suitable for discovering, analyzing and monitoring the private protocol on the network. In this paper, we provide a thorough review of the existing private protocol reverse engineering based on network traffic: Firstly, the architecture of private protocol reverse engineering based on network traffic is proposed, which includes four steps of pre-inference, protocol format inference, semantic analysis, and protocol state machine inference. The main research tasks of each step are also elaborated and a classification structure oriented to the core of the research method is proposed. Secondly, the method and process of each private protocol reverse engineering are described in detail, and a comparative analysis from multiple perspectives of applicable protocol type, technology kernel, and inference algorithms etc is made. A systematic overview of existing private protocol reverse engineering based on network traffic is conducted. Finally, the shortcomings of existing research and main influencing factors are summarized, and the future research direction and application scenarios of private protocol reverse engineering are prospected.

       

    /

    返回文章
    返回