Poster: Network message field type recognition

peer-reviewed

First published
2019-11
Authors
Kleber, Stephan
Kargl, Frank
Conference contribution


Published in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security ; 2019 (2019). - S. 2581-2583. - ISBN 978-1-4503-6747-9
Link to original publication
https://dx.doi.org/10.1145/3319535.3363261
Faculties
Fakultät für Ingenieurwissenschaften, Informatik und Psychologie
Institutions
Institut für Verteilte Systeme
Document version
accepted version
Conference
2019 ACM SIGSAC Conference on Computer and Communications Security, 2019-11-11 - 2019-11-15, London
Abstract
Existing approaches to reverse engineer network protocols based on traffic traces lack comprehensive methods to determine the data type, e.g., float, timestamp, or addresses, of segments in messages of binary protocols. We propose a novel method for the analysis of unknown protocol messages to reveal the data types contained in these messages. To this end, we split messages into segments of bytes and interpret these as vectors of byte values. Based on the vector interpretation, we can determine similarities and characteristics of specific data types. These can be used to classify segments into clusters of the same type and to identify their data type for previously trained data types. We performed first evaluations of different applications of our method that show promising results up to a data-type-recognition precision of 100 %.
Subject headings
[GND]: Datensicherung | IPSec | Datennetz | Evaluation | Computersicherheit | Cluster-Analyse
[LCSH]: Electronic data processing; Backup processing alternatives | IPSec (Computer network protocol) | Computer networks | Computer network protocols | Evaluation | Cluster analysis | Computer networks; Security measures
[Free subject headings]: Protocol testing and verification
[DDC subject group]: DDC 004 / Data processing & computer science
License
Standard
https://oparu.uni-ulm.de/xmlui/license_v3

DOI & citation

Please use this identifier to cite or link to this item: http://dx.doi.org/10.18725/OPARU-25469

Kleber, Stephan; Kargl, Frank (2020): Poster: Network message field type recognition. Open Access Repositorium der Universität Ulm und Technischen Hochschule Ulm. http://dx.doi.org/10.18725/OPARU-25469
Policy | kiz service OPARU | Contact Us
Impressum | Privacy statement
 

 
