Title
Inference of network unknown protocol structure using CSP(Contiguous Sequence Pattern) algorithm based on tree structure.
Abstract
As Internet traffic generation grows and new applications and malicious acts continue to emerge, the traffic to be analyzed is growing rapidly. Most network security threat traffic is communicated using unknown protocols. Thus, protocol reverse engineering is very important for addressing network security issues. While various protocol reverse engineering methods have been studied, there is not yet a single standardized method to extract a protocol specification completely, and each of the methods has some limitations. This paper proposes to extract the static fields of the protocol. The method uses the CSP algorithm based on Apriori to extract the common strings. However, we propose a method of extracting protocol static fields using the CSP algorithm based on the tree structure, because it is not possible to extract all static fields with only the CSP algorithm. This method allows extraction of all static fields that are infrequent but possible, not just frequently occurring ones. This method has been validated by experiments with the HTTP protocol.
Year
2018
Venue
IEEE IFIP Network Operations and Management Symposium
Keywords
protocol reverse engineering, Field Format, Message Format, Flow Format, State Machine, CSP Algorithm
Field
Telecommunications network, Computer science, Reverse engineering, Network security, A priori and a posteriori, Algorithm, Tree structure, Hypertext Transfer Protocol, Internet traffic, Distributed computing, The Internet
DocType
Conference
ISSN
1542-1201
Citations
0
PageRank
0.34
References
0
Authors
5
Name              Order   Citations   PageRank
Kyu-Seok Shim     1       7           7.72
Young-Hoon Goo    2       3           3.24
Min-Seob Lee      3       0           1.35
Huru Hasanova     4       2           0.78
Myung-Sup Kim     5       325         45.01