通信学报
通信學報
통신학보
JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2013年
10期
162-173
,共12页
潘璠%洪征%周振吉%吴礼发
潘璠%洪徵%週振吉%吳禮髮
반번%홍정%주진길%오례발
协议逆向工程%协议格式提取%动态污点分析%中间语言
協議逆嚮工程%協議格式提取%動態汙點分析%中間語言
협의역향공정%협의격식제취%동태오점분석%중간어언
protocol reverse engineering%protocol format extraction%dynamic taint analysis%intermediate language
现有协议格式提取方法在语法层次对程序执行轨迹进行分析,字段识别结果可能存在冗余和冲突。为了提高字段识别准确率,提出了一种语义层次的协议格式提取方法。方法首先将执行轨迹中的二进制指令转换为语义等价的中间语言形式,并通过细粒度的动态污点分析跟踪字段语义解析过程,在此基础上,依据字段的语义不可分割性,利用语义层次的字段识别策略实现了协议格式提取。测试结果表明,该方法具有较高的识别精度和较低的分析复杂度。
現有協議格式提取方法在語法層次對程序執行軌跡進行分析,字段識彆結果可能存在冗餘和遲突。為瞭提高字段識彆準確率,提齣瞭一種語義層次的協議格式提取方法。方法首先將執行軌跡中的二進製指令轉換為語義等價的中間語言形式,併通過細粒度的動態汙點分析跟蹤字段語義解析過程,在此基礎上,依據字段的語義不可分割性,利用語義層次的字段識彆策略實現瞭協議格式提取。測試結果錶明,該方法具有較高的識彆精度和較低的分析複雜度。
현유협의격식제취방법재어법층차대정서집행궤적진행분석,자단식별결과가능존재용여화충돌。위료제고자단식별준학솔,제출료일충어의층차적협의격식제취방법。방법수선장집행궤적중적이진제지령전환위어의등개적중간어언형식,병통과세립도적동태오점분석근종자단어의해석과정,재차기출상,의거자단적어의불가분할성,이용어의층차적자단식별책략실현료협의격식제취。측시결과표명,해방법구유교고적식별정도화교저적분석복잡도。
Present methods for protocol format extraction analyze the execution traces of programs at syntax level, which leads to redundancy and conflict in the results of field identification. In order to improve the accuracy of field identifica-tion, a semantic level method was proposed for protocol format extraction. The method firstly translated the binary in-structions into equivalent intermediate language, and then tracked the parsing process of field semantics through fine-grained dynamic taint analysis. Further, it extracted protocol format using semantic level policies of field identifica-tion, based on the semantic indivisibility of fields. Experimental results show that the proposed method can achieve high identification accuracy with low complexity.
