Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

State Machine Inference Method of Unknown Binary Protocol Based on Recurrent Neural Network

  • Conference paper
  • First Online:
Big Data and Security (ICBDS 2021)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1563))

Included in the following conference series:

  • 1119 Accesses

Abstract

The state machine of binary protocol can effectively reflect the behavior characteristics of the protocol, and its inference results are often not highly influenced by the protocol format information and logical interaction. To solve this problem, a protocol message type recognition and protocol state architecture method based on recurrent neural network is proposed. Based on the previous work of format classification, this paper uses recursive neural network to get the state features of protocol messages, and then uses clustering algorithm to mark protocol message types. Finally, the protocol state machine is constructed and optimized. Experimental results on MQTT and RFID data sets show that the proposed method has high precision of protocol state machine inference.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. CNCERT: China Internet Network Security Report 2020. Posts and Telecommunications Press, Beijing (2021)

    Google Scholar 

  2. Weiming, L., Aifang, Z., Jiancai, L., et al.: An automatic network protocol fuzz testing and vulnerability discovering method. Chin. J. Comput. 34(02), 242–255 (2011)

    Article  Google Scholar 

  3. Lingyun, Y., Yi, Y., Dengguo, F., et al.: Syntax and behavior semantics analysis of network protocol of malware. J. Softw. 22(07), 1676–1689 (2011)

    Article  Google Scholar 

  4. Lifa, W., Chen, W., Zheng, H., et al.: Overview on protocol state machine inference: a survey. Appl. Res. Comput. 32(07), 1931–1936 (2015)

    Google Scholar 

  5. Shevertalov, M., Mancoridis, S.: A reverse engineering tool for extracting protocols of networked applications, pp. 229–238. IEEE (2007)

    Google Scholar 

  6. Trifilo, A., Burschka, S., Biersack, E.: Traffic to protocol reverse engineering, pp. 1–8. IEEE (2009)

    Google Scholar 

  7. Chen, W., Lifa, W., Zheng, H., et al.: Method of protocol state machine inference based on state merging. J. PLA Univ. Sci. Technol. (Nat. Science Edition) 16(04), 322–329 (2015)

    Google Scholar 

  8. Jun, W.: EDSM-based protocol state machine reverse for binary protocol. Harbin Institute of Technology (2016)

    Google Scholar 

  9. Comparetti, P.M., et al. Prospex: protocol specification extraction. In: 2009 30th IEEE Symposium on Security and Privacy (2009)

    Google Scholar 

  10. Yan, X.: Research and implementation on the key technologies for binary private protocol reverse. Information Engineering University (2018)

    Google Scholar 

  11. Wang, Y., Zhang, Z., Yao, D., Qu, B., Guo, L.: Inferring protocol state machine from network traces: a probabilistic approach. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011, pp. 1–18. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21554-4_1

    Chapter  Google Scholar 

  12. Qin Zhongyuan, L., Kai, Z.Q., et al.: Approach of field format extraction in binary private protocol. J. Chin. Comput. Syst. 40(11), 2318–2323 (2019)

    Google Scholar 

  13. Guorui, W.: Time series data clustering algorithm based on recurrent neural network and its parallelization. Harbin Institute of Technology (2016)

    Google Scholar 

  14. Zeng, X.: Traffic anomaly detection method based on improved RNN and density clustering. Beijing University of Posts and Telecommunications (2019)

    Google Scholar 

  15. Tian Xianzhong, G., Anna, S.H.: Recurrent neural networks for time series with fuzzy control. J. Chin. Comput. Syst. 42(02), 241–245 (2021)

    Google Scholar 

  16. Gu Chunxiang, W., Weisen, S.Y., et al.: Method of unknown protocol classification based on autoencoder. J. Commun. 41(06), 88–97 (2020)

    Google Scholar 

Download references

Acknowledgement

The subject is sponsored by the National Natural Science Foundation of P. R. China (No. 61872196, No. 61872194, No. 61902196, No. 62102194 and No. 62102196), Scientific and Technological Support Project of Jiangsu Province (No. BE2019740, No. BK20200753 and No. 20KJB520001), Major Natural Science Research Projects in Colleges and Universities of Jiangsu Province (No. 18KJA520008), Six Talent Peaks Project of Jiangsu Province (No. RJFW-111), Postgraduate Research and Practice Innovation Program of Jiangsu Province (No. KYCX19_0909, No. KYCX19_0911, No. KYCX20_0759, No. KYCX21_0787, No. KYCX21_0788 and No. KYCX21_0799).

Author information

Authors and Affiliations

  1. School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, 210023, China

    Yang Chen, Peng Li, Yujie Zhang & Weiqing Fang

  2. Institute of Network Security and Trusted Computing, Nanjing, 210023, China

    Peng Li

Authors
  1. Yang Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Peng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yujie Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Weiqing Fang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Peng Li .

Editor information

Editors and Affiliations

  1. Nanjing Institute of Technology, Nanjing, China

    Yuan Tian

  2. Nanjing University of Information Science and Technology, Nanjing, China

    Tinghuai Ma

  3. King Saud University, Riyadh, Saudi Arabia

    Muhammad Khurram Khan

  4. Texas Tech University, Lubbock, TX, USA

    Victor S. Sheng

  5. Tianjin University, Tianjin, China

    Zhaoqing Pan

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, Y., Li, P., Zhang, Y., Fang, W. (2022). State Machine Inference Method of Unknown Binary Protocol Based on Recurrent Neural Network. In: Tian, Y., Ma, T., Khan, M.K., Sheng, V.S., Pan, Z. (eds) Big Data and Security. ICBDS 2021. Communications in Computer and Information Science, vol 1563. Springer, Singapore. https://doi.org/10.1007/978-981-19-0852-1_48

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-0852-1_48

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-0851-4

  • Online ISBN: 978-981-19-0852-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation