Message Type Identification of Binary Network Protocols using Continuous Segment Similarity. (arXiv:2002.03391v2 [cs.NI] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Protocol reverse engineering based on traffic traces infers the behavior of
unknown network protocols by analyzing observable network messages. To perform
correct deduction of message semantics or behavior analysis, accurate message
type identification is an essential first step. However, identifying message
types is particularly difficult for binary protocols, whose structural features
are hidden in their densely packed data representation. We leverage the
intrinsic structural features of binary protocols and propose an accurate
method for discriminating message types.
Our approach uses …