2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies
Biprominer: Automatic Mining of Binary Protocol Features
Gwangju, Korea
October 20-October 22
ISBN: 978-0-7695-4564-6
BibTeX:
@article{10.1109/PDCAT.2011.25,
  author    = {Yipeng Wang and Xingjian Li and Jiao Meng and Yong Zhao and Zhibin Zhang and Li Guo},
  title     = {Biprominer: Automatic Mining of Binary Protocol Features},
  journal   = {Parallel and Distributed Computing Applications and Technologies, International Conference on},
  volume    = {0},
  year      = {2011},
  isbn      = {978-0-7695-4564-6},
  pages     = {179-184},
  doi       = {http://doi.ieeecomputersociety.org/10.1109/PDCAT.2011.25},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
}
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PDCAT.2011.25
Application-level protocol specifications are helpful for network security management, including intrusion detection and intrusion prevention, which rely on monitoring technologies such as deep packet inspection. Moreover, detailed knowledge of protocol specifications is also an effective way of detecting malicious code. However, current methods for obtaining unknown and proprietary protocol message formats (i.e., formats with no publicly available protocol specification), especially binary protocols, rely heavily on manual work such as reverse engineering, which is time-consuming and laborious. In this paper, we propose Biprominer, a tool that can automatically extract the binary protocol message formats of an application from its real-world network trace. In addition, we present a transition probability model for a better description of the protocol. The chief feature of Biprominer is that it does not need any a priori knowledge of protocol formats, because Biprominer is based on the statistical nature of the protocol format. We evaluate the efficacy of Biprominer over three binary protocols, with an average precision of more than 99% and a recall better than 96.7%.
Index Terms:
Protocol Specifications, Protocol Message Format, Intrusion Detection
Citation:
Yipeng Wang, Xingjian Li, Jiao Meng, Yong Zhao, Zhibin Zhang, Li Guo, "Biprominer: Automatic Mining of Binary Protocol Features," pdcat, pp.179-184, 2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies, 2011
