Posted on 2017-08-10, 15:14, authored by Othman Esoul, Neil Walkinshaw
Many applications in security, from understanding
unfamiliar protocols to fuzz-testing and guarding against potential
attacks, rely on analysing network protocols. In many
situations we cannot rely on access to a specification or even
an implementation of the protocol, and must instead rely on
raw network data “sniffed” from the network. When this is
the case, one of the key challenges is to discern from the raw
data the underlying packet structures – a task that is commonly
carried out by using alignment algorithms to identify
commonalities (e.g. field delimiters) between packets. For this,
most approaches have used variants of the Needleman-Wunsch
algorithm to perform byte-wise alignment. However, they can
suffer when messages are heterogeneous, or in cases where
protocol fields are separated by long variable fields. In this
paper, we present an alternative alignment algorithm known
as segment-based alignment. We show how this technique
can produce accurate results on traces from several common
protocols, and how the results tend to be more intuitive than
those produced by state-of-the-art techniques.
History
Citation
IEEE International Conference on Quality, Reliability and Security, 2017
Author affiliation
/Organisation/COLLEGE OF SCIENCE AND ENGINEERING/Department of Computer Science
Source
IEEE International Conference on Quality, Reliability and Security QRS 2017