Basic information about the thesis

Material type
Doctoral thesis
Author

Young-Hoon Goo (Korea University, Graduate School of Korea University)

Advisor
김명섭
Year of publication
2020
Copyright
Korea University theses are protected by copyright.


Abstract and keywords

As the amount of Internet traffic increases due to newly emerging applications and malicious behaviors with their frequent updates, the amount of traffic that must be analyzed is also rapidly increasing. Many of the protocols that occur under these conditions are unknown and undocumented. For efficient network management and security, a deep understanding of these unknown protocols is required. Although several protocol reverse engineering methods have been introduced in the literature, there is still no standardized method to completely extract a protocol specification. None of these methods infers an abundant, sufficiently detailed, or intuitive specification. Moreover, all of these methods still face major limitations in automation and genericity: each is designed only for a particular layer or type of protocol. Additionally, compared to the research on protocol reverse engineering methods themselves, the question of how to verify the inferred results has received little attention. To address these problems, this thesis covers three main aspects: the quality of the inferred specification, the genericity of the method, and an objective evaluation method. First, we propose a novel automatic protocol reverse engineering method that extracts an abundant, intuitive, and clear protocol specification. The proposed method infers all the key elements of a protocol, namely syntax, semantics, and the finite state machine (FSM), and extracts clear syntax by defining fine-grained field types and three kinds of format: field format, message format, and flow format. Second, we propose a method designed to be generally applicable regardless of the specific network environment and protocol type, from the viewpoint of the TCP/IP reference model. Lastly, we introduce a method to verify the inferred results objectively, together with multifaceted evaluation metrics.
We demonstrate the feasibility of the proposed method by applying it to several protocols in various layers of the TCP/IP reference model.

Table of contents

1 Introduction
1.1 Background
1.2 Motivation
1.3 Problem statement
1.3.1 Deficiencies in inferred specification
1.3.2 Genericity and automation
1.3.3 Absence of an objective evaluation method
1.4 Contribution
2 Related Work
2.1 Categories of protocol reverse engineering approaches
2.1.1 Automated or vice versa
2.1.2 Categorization by analysis scheme
2.1.2.1 Application-based method
2.1.2.2 Network-based method
2.2 Existing limitations
2.2.1 Paucity in extracted specification
2.2.1.1 Non-abundance
2.2.1.2 Non-intuitiveness
2.2.1.3 Unclearness and non-detail
2.2.2 Paucity in genericity and full automation
2.2.2.1 Design depending on a particular protocol type
2.2.2.2 Design depending on a particular network environment
2.2.3 Paucity in objective performance evaluation
3 Contiguous Sequential Pattern (CSP) Algorithm
3.1 Basic concept of the CSP algorithm
3.2 Hierarchical CSP algorithm
4 Overall Design of the Well-trimmed Protocol Specification Extraction Method
4.1 Terminology and our field format model
4.2 Overview of the proposed method
4.3 Message assembly
4.4 Syntax inference
4.4.1 SF(v) field format extraction
4.4.2 DF(v) field format extraction
4.4.3 Message format extraction
4.4.4 Additional field format extraction in each message format
4.5 Semantics inference
4.5.1 MSG-TYPE
4.5.2 MSG-Len
4.5.3 Host-ID
4.5.4 Session-ID
4.5.5 Trans-ID
4.5.6 Accumulators
4.6 Behavior inference
5 General Reverse Engineering Approach from the Viewpoint of the TCP/IP Reference Model
5.1 Proposed general approach
5.1.1 Key insight
5.1.2 Methodology
5.1.3 Application of the proposed approach
6 Two-pathway Model: General Reverse Engineering Approach Regardless of Protocol Type
6.1 Two-pathway model
7 Performance Evaluation Method
7.1 Performance evaluation metrics
7.1.1 Metrics for field format
7.1.1.1 Conciseness_TF
7.1.1.2 Conciseness_EF
7.1.1.3 Correctness
7.1.1.4 Coverage
7.1.2 Metrics for message format
7.1.2.1 Correctness_EMi
7.1.2.2 Correctness_Total
7.1.2.3 Coverage_EMi
7.1.2.4 Coverage_Total
7.1.2.5 Detail_EMi
7.1.2.6 Detail_Total
7.1.2.7 Compression
7.2 Comprehensive interpretation for intuitive comparison
7.2.1 Priority of metrics interpretation
7.2.2 Comprehensive interpretation
8 Evaluation
8.1 Dataset
8.2 Comparative study of syntax inference
8.2.1 Comparative verification for HTTP and DNS
8.2.2 Result of reverse engineering for HTTP
8.2.3 Result of reverse engineering for DNS
8.3 Comparative study of semantics inference
8.4 Genericity verification
8.4.1 Stand-alone verification
8.4.2 Genericity verification for protocol layer
8.4.3 Genericity verification for protocol type
9 Conclusions and Future Work
References
Acknowledgements
