Deep Learning-Based Reverse Method of Binary Protocol

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1268)

Abstract

With the growth of network equipment, the security of the network access environment becomes particularly important. Many network security technologies, such as vulnerability mining, fuzz testing and intrusion detection, have attracted more and more attention. However, the effectiveness of these security technologies is greatly reduced in the face of unknown protocols. Automatically extracting the format information of unknown protocols through protocol reverse engineering enhances the ability of these security technologies to handle unknown protocols. In this paper, by analyzing the changing characteristics of protocol fields, a field sequence coding method is proposed, which is suitable for reflecting the field sequence characteristics of different protocols and can improve the generalization ability of the model. Using this field sequence coding method, a field classification model for unknown protocols is implemented based on the LSTM-FCN network, which is widely used in time series classification tasks. Finally, a binary protocol reverse method based on deep learning is proposed. The method is based on the field classification model and divides unknown protocol messages into fields and identifies the field types according to the classification results. In the experiment, the field classification model has high accuracy and recall on different protocols, which shows that the model is able to identify the field type from the changing characteristics of the field. The proposed protocol reverse method also identifies fields and their types accurately and quickly, demonstrating its ability to reverse unknown binary protocols.



Corresponding author

Correspondence to Yekui Qian.

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Yang, C., Fu, C., Qian, Y., Hong, Y., Feng, G., Han, L. (2020). Deep Learning-Based Reverse Method of Binary Protocol. In: Yu, S., Mueller, P., Qian, J. (eds) Security and Privacy in Digital Economy. SPDE 2020. Communications in Computer and Information Science, vol 1268. Springer, Singapore. https://doi.org/10.1007/978-981-15-9129-7_42

  • DOI: https://doi.org/10.1007/978-981-15-9129-7_42

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9128-0

  • Online ISBN: 978-981-15-9129-7

  • eBook Packages: Computer Science, Computer Science (R0)
