Poster: Network message field type recognition

Thumbnail

peer-reviewed

Erstveröffentlichung
2019-11
Autoren
Kleber, Stephan
Kargl, Frank
Beitrag zu einer Konferenz


Erschienen in
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security ; 2019 (2019). - S. 2581-2583. - ISBN 978-1-4503-6747-9
Link zur Originalveröffentlichung
https://dx.doi.org/10.1145/3319535.3363261
Fakultäten
Fakultät für Ingenieurwissenschaften, Informatik und Psychologie
Institutionen
Institut für Verteilte Systeme
Dokumentversion
Akzeptierte Version
Konferenz
2019 ACM SIGSAC Conference on Computer and Communications Security, 2019-11-11 - 2019-11-15, London
Zusammenfassung
Existing approaches to reverse engineer network protocols based on traffic traces lack comprehensive methods to determine the data type, e. g. float, timestamp, or addresses, of segments in messages of binary protocols. We propose a novel method for the analysis of unknown protocol messages to reveal the data types contained in these messages. Therefore, we split messages into segments of bytes and interpret these as vectors of byte values. Based on the vector interpretation, we can determine similarities and characteristics of specific data types. These can be used to classify segments into clusters of the same type and to identify their data type for previously trained data types. We performed first evaluations of different applications of our method that show promising results up the a data-type-recognition precision of 100 %.
Schlagwörter
[GND]: Datensicherung | IPSec | Datennetz | Evaluation | Computersicherheit | Cluster-Analyse
[LCSH]: Electronic data processing; Backup processing alternatives | IPSec (Computer network protocol) | Computer networks | Computer network protocols | Evaluation | Cluster analysis | Computer networks; Security measures
[Freie Schlagwörter]: Protocol testing and verification
[DDC Sachgruppe]: DDC 004 / Data processing & computer science
Lizenz
Standard
https://oparu.uni-ulm.de/xmlui/license_v3
Metadata
Zur Langanzeige

DOI & Zitiervorlage

Nutzen Sie bitte diesen Identifier für Zitate & Links: http://dx.doi.org/10.18725/OPARU-25469

Kleber, Stephan; Kargl, Frank (2020): Poster: Network message field type recognition. Open Access Repositorium der Universität Ulm und Technischen Hochschule Ulm. http://dx.doi.org/10.18725/OPARU-25469
Verschiedene Zitierstile >