Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Authors

Wen Shameng, Meng Qingkun, Feng Chao, Tang Chaojing

Affiliation

College of Electronic Science and Engineering, National University of Defense Technology, Changsha, China.

Publication information

PLoS One. 2017 Oct 19;12(10):e0186188. doi: 10.1371/journal.pone.0186188. eCollection 2017.

DOI: 10.1371/journal.pone.0186188
PMID: 29049409
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC5648143/

Abstract

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Similar articles

1. Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.
   PLoS One. 2017 Oct 19;12(10):e0186188. doi: 10.1371/journal.pone.0186188. eCollection 2017.
2. A model-guided symbolic execution approach for network protocol implementations and vulnerability detection.
   PLoS One. 2017 Nov 16;12(11):e0188229. doi: 10.1371/journal.pone.0188229. eCollection 2017.
3. GAN model using field fuzz mutation for in-vehicle CAN bus intrusion detection.
   Math Biosci Eng. 2022 May 11;19(7):6996-7018. doi: 10.3934/mbe.2022330.
4. V-Fuzz: Vulnerability Prediction-Assisted Evolutionary Fuzzing for Binary Programs.
   IEEE Trans Cybern. 2022 May;52(5):3745-3756. doi: 10.1109/TCYB.2020.3013675. Epub 2022 May 19.
5. A systematic review of fuzzing based on machine learning techniques.
   PLoS One. 2020 Aug 18;15(8):e0237749. doi: 10.1371/journal.pone.0237749. eCollection 2020.
6. Coverage-guided differential testing of TLS implementations based on syntax mutation.
   PLoS One. 2022 Jan 24;17(1):e0262176. doi: 10.1371/journal.pone.0262176. eCollection 2022.
7. Ffuzz: Towards full system high coverage fuzz testing on binary executables.
   PLoS One. 2018 May 23;13(5):e0196733. doi: 10.1371/journal.pone.0196733. eCollection 2018.
8. A vulnerability detection method for IoT protocol based on parallel fuzzy algorithm.
   Heliyon. 2024 May 29;10(12):e31846. doi: 10.1016/j.heliyon.2024.e31846. eCollection 2024 Jun 30.
9. A two-stage flow-based intrusion detection model for next-generation networks.
   PLoS One. 2018 Jan 12;13(1):e0180945. doi: 10.1371/journal.pone.0180945. eCollection 2018.
10. Adaptive Sampling Technique Using Regression Modelling and Fuzzy Inference System for Network Traffic.
    Stud Health Technol Inform. 2017;242:592-599.

Cited by

1. Coverage-guided differential testing of TLS implementations based on syntax mutation.
   PLoS One. 2022 Jan 24;17(1):e0262176. doi: 10.1371/journal.pone.0262176. eCollection 2022.