Author Login Editor-in-Chief Peer Review Editor Work Office Work

Computer Engineering ›› 2010, Vol. 36 ›› Issue (9): 268-270. doi: 10.3969/j.issn.1000-3428.2010.09.095

• Developmental Research • Previous Articles     Next Articles

Network Protocol Reverse Parsing Based on Dynamic Binary Analysis

HE Yong-jun, SHU Hui, XIONG Xiao-bing   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received:1900-01-01 Revised:1900-01-01 Online:2010-05-05 Published:2010-05-05

基于动态二进制分析的网络协议逆向解析

何永君,舒 辉,熊小兵   

  1. (解放军信息工程大学信息工程学院,郑州 450002)

Abstract: Research on unknown network protocol reverse parsing is of great significance in many network security applications. This paper describes the existing circumstances of protocol reverse extraction technologies, and analyses two main reverse extraction methods, one based on network trace and the other one on data flow analysis. A method based on dynamic binary analysis is presented, which aims at extracting the main protocol fields of a single message by using DynamoRIO platform to implement data flow recording and analyzing.

Key words: protocol reverse parsing, data flow analysis, dynamic binary analysis, protocol field, DynamoRIO platform

摘要: 研究未知网络协议逆向解析技术在网络安全应用中具有重要的意义。基于此,介绍网络协议逆向解析技术的发展现状,分析基于网络轨迹和基于数据流的2种主要解析方法,提出一种基于动态二进制分析技术的逆向解析方法,并选取DynamoRIO平台作为支撑,实现对数据流信息的记录和分析,从而解析出单条协议消息中主要的协议域。

关键词: 协议逆向解析, 数据流分析, 动态二进制分析, 协议域, DynamoRIO平台

CLC Number: