1. Key Laboratory of Network and Information Security of the People's Armed Police, Engineering University of PAP, Xi'an 710086, Shaanxi, China
2. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, Shaanxi, China
Hu Yanjing (1980-), male, born in Xi'an, Shaanxi; Ph.D., lecturer at Engineering University of PAP. Main research interests: information system security protection and network protocol reverse analysis.
Pei Qingqi (1975-), male, born in Yulin, Guangxi; professor and doctoral supervisor at Xidian University. Main research interests: digital content protection and wireless network security.
Online publication date: 2017-10
Print publication date: 2017-10-25
Citation: Yan-jing HU, Qing-qi PEI. Mining and utilization of network protocol's stealth attack behavior[J]. Journal on Communications, 2017, 38(Z1): 118-126. DOI: 10.11959/j.issn.1000-436x.2017244.
Abstract: The stealth attack behaviors of network protocols have strong survivability, concealment and aggressiveness, and they are not easily detected by existing security protection measures. To make up for the shortcomings of existing protocol analysis methods, this work starts from the instructions that implement the protocol program and captures the protocol's normal-behavior instruction sequences by dynamic binary analysis. Potential stealth attack behavior instruction sequences are then mined by instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences are loaded as inline assembly into a general execution framework, executed and dynamically analyzed on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors is evaluated. Beyond mining, analyzing and defending against stealth attack behaviors in a targeted way, the stealth attack behaviors are also formally transformed by a self-designed stealth transformation method; using the transformed stealth attack behaviors, a virtual target machine was attacked successfully without being detected. Experimental results show that the mining of protocol stealth attack behaviors is accurate, and that transforming and using them to increase information offense and defense capability is also feasible.
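The clustering-and-distance mining step the abstract describes, as an added illustration that is not the paper's HiddenDisc code: mnemonic-bigram feature vectors are built from instruction traces, the normal traces are grouped by a simple leader clustering, and a trace is flagged when its cosine distance from every normal cluster exceeds a threshold. The traces, the bigram feature, the clustering radius and the threshold are all constructed assumptions for this example.

```python
"""Added example (not the paper's code): mine instruction sequences that lie
far from the protocol's normal-behaviour clusters in feature space."""
from collections import Counter
import math

# Constructed sample traces (mnemonics only) of normal protocol message handling.
# In the paper these would come from dynamic binary analysis of the protocol.
NORMAL_TRACES = [
    ["push", "mov", "cmp", "jne", "mov", "call", "test", "jz", "mov", "ret"],
    ["push", "mov", "cmp", "je", "mov", "call", "test", "jnz", "pop", "ret"],
    ["push", "mov", "lea", "call", "cmp", "jne", "mov", "pop", "ret"],
    ["mov", "cmp", "jne", "lea", "call", "test", "jz", "mov", "ret"],
]
# Constructed candidate: a copy loop with no validation compare, unlike any handler.
CANDIDATE = ["mov", "mov", "stos", "inc", "dec", "jnz",
             "mov", "stos", "inc", "dec", "jnz", "jmp"]


def bigram_features(trace):
    """Feature vector: counts of consecutive mnemonic pairs (assumed feature)."""
    return Counter(zip(trace, trace[1:]))


def cosine_distance(a, b):
    """1 - cosine similarity between two sparse count vectors."""
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return 1.0 if na == 0 or nb == 0 else 1.0 - dot / (na * nb)


def leader_cluster(feature_vecs, radius=0.6):
    """Leader clustering: a vector joins the first centroid within `radius`,
    otherwise it starts a new cluster. Centroids are summed counts (cosine
    distance is scale-invariant, so summing is enough)."""
    centroids = []
    for f in feature_vecs:
        for c in centroids:
            if cosine_distance(f, c) <= radius:
                c.update(f)
                break
        else:
            centroids.append(Counter(f))
    return centroids


NORMAL_CLUSTERS = leader_cluster([bigram_features(t) for t in NORMAL_TRACES])


def distance_to_normal(trace, clusters=NORMAL_CLUSTERS):
    """Distance from a trace to the nearest normal-behaviour cluster."""
    f = bigram_features(trace)
    return min(cosine_distance(f, c) for c in clusters)


def mine_suspicious(traces, clusters=NORMAL_CLUSTERS, threshold=0.7):
    """Return the traces that are far from every normal cluster."""
    return [t for t in traces if distance_to_normal(t, clusters) > threshold]
```

Flagged sequences are candidates for closer dynamic analysis, not verdicts; the threshold and radius must be tuned against the protocol's real trace corpus.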