Abstract:
As Internet traffic generation grows and new applications and malicious acts continue to emerge, the volume of traffic to be analyzed is growing rapidly. Most network security threat traffic is communicated using unknown protocols. Thus, protocol reverse engineering is very important for addressing network security issues. While various protocol reverse engineering methods have been studied, there is not yet a single standardized method that extracts a protocol specification completely, and each method has some limitations. This paper proposes a method to extract the static fields of a protocol. The method uses the CSP algorithm, based on Apriori, to extract the common strings. However, because it is not possible to extract all static fields with the CSP algorithm alone, we propose a method of extracting protocol static fields using the CSP algorithm based on a tree structure. This method allows extraction of all static fields, including those that are infrequent but possible, not just the frequently occurring ones. The method has been validated by experiments with the HTTP protocol.
Date of Conference: 23-27 April 2018
Date Added to IEEE Xplore: 09 July 2018
Electronic ISSN: 2374-9709