Name
Abstract | ||
|---|---|---|
AbstractSummaryWith the recent exponential increase in internet speeds, the traditional network environment is evolving into a high‐capacity network environment. Network traffic usage is also increasing exponentially, as are new malicious behaviors and related applications. Most of these applications and malicious behaviors use unknown protocols for which the structure is inaccessible; hence, protocol reverse engineering is receiving increasing attention in the field of network management. Various approaches have been proposed, but they still suffer from misidentification of field boundaries. To understand message structures properly, it is important to identify accurately the boundaries of the fields constituting the protocol message; accurate keyword extraction based on this approach leads to the correct inference of message types, semantics, and state machine. In this study, we propose a message keyword extraction method using accurate identification of field boundaries from delimiter inference and statistical analysis. Through the identification of field boundaries, messages can be subdivided into fields. We evaluate the efficacy of the proposed method by applying it to several textual and binary protocols. The proposed method showed better results than did other previous studies for both textual and binary protocols.In this article, we propose a message keyword extraction method using accurate identification of field boundaries from delimiter inference and statistical analysis. This method infers three types of delimiters, which are basic, key, and singleton delimiter. For plaintext protocols, the method extracts keywords using delimiters. For binary protocols, the method extracts keywords using frequent pattern mining with positional analysis. This method can extracts accurate keywords, plays a vital role in inferring the structure of message types and the subsequent analysis. View Figure |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1002/nem.2140 | Periodicals |
DocType | Volume | Issue |
Journal | 31 | 4 |
ISSN | Citations | PageRank |
1099-1190 | 0 | 0.34 |
References | Authors | |
0 | 4 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Young‐Hoon Goo | 1 | 0 | 0.34 |
| Kyu-Seok Shim | 2 | 7 | 7.72 |
| Min‐Seob Lee | 3 | 0 | 0.34 |
| Myung-Sup Kim | 4 | 325 | 45.01 |