TWC: Small: Semantics Aware Approaches to Automated Reverse Engineering Unknown Application Protocols

TWC：小型：自动逆向工程未知应用协议的语义感知方法

• 批准号: 1318563
• 负责人: Alex Liu
• 金额: $ 45.5万
• 依托单位: Michigan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1318563&HistoricalAwards=false
• 关键词: TWC; Small; Semantics; Aware; Approaches

Many application protocols on the Internet, especially those used by malware, are proprietary and have no publicly released specifications. According to the Internet2 NetFlow weekly reports on backbone traffic, more than 40% of Internet traffic belongs to unidentified application protocols. Therefore, it is critical for network security solutions to understand the specifications of these unknown application protocols. For instance, protocol specifications are needed for parsing unknown application protocol in advanced intrusion prevention systems. Protocol specifications are also useful for many other applications such as vulnerability discovery and system integration. Furthermore, even for some application protocols with known specifications, protocol inference is also needed sometimes for identifying implementation details and bugs that are not unambiguously specified. Inferring protocol specification for unknown application protocols is therefore fundamental to network security.The objective of this project is to develop schemes for automatically inferring the protocol specification of unknown applications from their network traces. The PI proposes a semantics aware approach that takes network traces as the input and automatically outputs the inferred protocol message format. This project represents the first effort towards developing semantics aware approaches to protocol inference, a fundamental building block of many network security solutions. This project is potentially transformative research with high-impact. It will enable a spectrum of new network security applications and solutions. The proposed project is interdisciplinary in nature as it applies natural language processing techniques to network security problems.

Internet上的许多应用程序协议，尤其是恶意软件使用的协议，都是专有的，并且没有公开发布的规格。根据Internet2 Netflow每周有关主干流量的报告，超过40％的Internet流量属于身份不明的应用程序协议。因此，对于网络安全解决方案而言，了解这些未知应用程序协议的规格至关重要。例如，在高级入侵预防系统中解析未知应用程序协议需要协议规范。协议规范对于许多其他应用程序也很有用，例如漏洞发现和系统集成。此外，即使对于具有已知规格的某些应用程序协议，有时也需要进行协议推断，以识别未明确指定的实现详细信息和错误。因此，推断未知应用程序协议的协议规范是网络安全性的基础。该项目的目的是开发用于自动从其网络痕迹中推断未知应用程序的协议规范的方案。 PI提出了一种语义意识方法，该方法是输入时采用网络跟踪的方法，并自动输出推断的协议消息格式。该项目代表着开发语义知识方法的第一个努力，这是许多网络安全解决方案的基本组成部分。该项目是具有高影响力的潜在变革性研究。它将启用各种新的网络安全应用程序和解决方案。所提出的项目本质上是跨学科的，因为它将自然语言处理技术应用于网络安全问题。