Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Semantic-level protocol format inference method based on execution trace

A protocol format and execution trajectory technology, applied in the network field, can solve the problems of difficult assembly instruction analysis, complete difficult analysis strategies, and low accuracy of protocol format determination, achieving high accuracy, reducing difficulty, and ensuring completeness.

Inactive Publication Date: 2013-07-10
PLA UNIV OF SCI & TECH
View PDF2 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The two main problems addressed by the present invention are: the existing reverse analysis usually converts binary code into assembly code, the analysis of assembly instructions is difficult, and it is difficult to ensure the completeness of the analysis strategy; reverse analysis at the grammatical level, the accuracy of protocol format determination not tall

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Semantic-level protocol format inference method based on execution trace
  • Semantic-level protocol format inference method based on execution trace
  • Semantic-level protocol format inference method based on execution trace

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0023] The present invention will be further explained below in conjunction with the accompanying drawings.

[0024] like figure 1 As shown, the embodiment of the present invention captures and stores the instruction execution trace of the protocol entity program when parsing the message data, which is used as the basis for inferring the message protocol format. During the reverse process of the protocol format, the intermediate language conversion is firstly performed, and the binary instructions in the execution trajectory are converted into intermediate language instructions to reduce the difficulty of reverse analysis. On the basis of intermediate language, fine-grained dynamic taint analysis is carried out to grasp the impact of each input message byte in the system with the execution of instructions on memory, registers and other storage spaces. Finally, the semantic-level protocol format inference, based on the characteristics of the semantic-level protocol parsing sta...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a semantic-level protocol format inference method based on an execution trace. The semantic-level protocol format inference method is characterized in that the protocol format adopted by a message is inferred according to a binary instruction execution trace generated in message analysis. The semantic-level protocol format inference method comprises the following steps of: firstly, transferring an intermediate language: transferring the instruction execution trace of a protocol entity program in analyzing of a communication message into the form of the intermediate language; secondly, implementing dynamic taint analysis of fine granularity: carrying out the dynamic taint analysis of the fine granularity based on the execution trace in form of the intermediate language, in order to analyze the process of the protocol entity program in analyzing the message, and mastering the spread and the influence of each message byte serving as the input in the system along with the execution of a program instruction; and thirdly, inferring the semantic-level protocol format: gaining the complete protocol message format based on the characteristics of the semantic-level protocol at the analysis stage; and the working process in the intermediate language transfer stage is that a binary instruction in the execution trace is individually converted into a simple and semantic equivalence type intermediate language instruction, and an abstract execution trace based on the intermediate language is generated.

Description

technical field [0001] The invention relates to network technology, in particular to a method for inferring the format of a protocol message according to a binary instruction execution track generated by message parsing. Background technique [0002] In a communication network, a protocol defines the format and order of messages exchanged between two or more communicating entities, and the actions to be taken in connection with message transmission or other events. The protocol is regarded as the core element of the communication network, and its quality is directly related to the stability, reliability, security and interoperability of the network and system. A large number of network security technologies such as intrusion detection, fuzzing, protocol reuse, and protocol vulnerability analysis are all based on the detailed description information of the protocol. [0003] At present, the analysis and identification technology for known protocols is relatively mature. But...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/70
Inventor 洪征吴礼发潘璠周振吉赖海光郑成辉
Owner PLA UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com