TWC: Small: Semantics Aware Approaches to Automated Reverse Engineering Unknown Application Protocols

TWC：小型：自动逆向工程未知应用协议的语义感知方法

• 批准号: 1318563
• 负责人: Alex Liu
• 金额: $ 45.5万
• 依托单位: Michigan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1318563&HistoricalAwards=false
• 关键词: TWC; Small; Semantics; Aware; Approaches

Many application protocols on the Internet, especially those used by malware, are proprietary and have no publicly released specifications. According to the Internet2 NetFlow weekly reports on backbone traffic, more than 40% of Internet traffic belongs to unidentified application protocols. Therefore, it is critical for network security solutions to understand the specifications of these unknown application protocols. For instance, protocol specifications are needed for parsing unknown application protocol in advanced intrusion prevention systems. Protocol specifications are also useful for many other applications such as vulnerability discovery and system integration. Furthermore, even for some application protocols with known specifications, protocol inference is also needed sometimes for identifying implementation details and bugs that are not unambiguously specified. Inferring protocol specification for unknown application protocols is therefore fundamental to network security.The objective of this project is to develop schemes for automatically inferring the protocol specification of unknown applications from their network traces. The PI proposes a semantics aware approach that takes network traces as the input and automatically outputs the inferred protocol message format. This project represents the first effort towards developing semantics aware approaches to protocol inference, a fundamental building block of many network security solutions. This project is potentially transformative research with high-impact. It will enable a spectrum of new network security applications and solutions. The proposed project is interdisciplinary in nature as it applies natural language processing techniques to network security problems.

互联网上的许多应用程序协议，特别是恶意软件使用的协议，都是专有的，没有公开发布的规范。根据Internet2 NetFlow每周关于主干网流量的报告，超过40%的互联网流量属于未识别的应用协议。因此，了解这些未知应用协议的规范对于网络安全解决方案至关重要。例如，在高级入侵防御系统中，需要协议规范来解析未知的应用协议。协议规范对于许多其他应用也很有用，例如漏洞发现和系统集成。此外，即使对于一些具有已知规范的应用协议，有时也需要协议推断来识别未明确指定的实现细节和错误。因此，推断未知的应用程序协议的协议规范是网络安全的基础。本项目的目标是开发自动推断未知的应用程序的协议规范，从他们的网络痕迹的计划。PI提出了一种语义感知的方法，将网络轨迹作为输入，并自动输出推断的协议消息格式。这个项目代表了第一次努力开发语义感知的方法，协议推理，许多网络安全解决方案的基本构建块。该项目是具有高影响力的潜在变革性研究。它将实现一系列新的网络安全应用和解决方案。拟议的项目是跨学科的性质，因为它适用于自然语言处理技术的网络安全问题。