基于人机协作迭代分析的网络协议逆向方法  

作　　者：马春来 王群[2] 孙中豪 王占丰 胡超 MA Chunlai;WANG Qun;SUN Zhonghao;WANG Zhanfeng;HU Chao(College of Electronic Engineering,National University of Defense Technology,Hefei 230037,China;Zhejiang Shuren University,Hangzhou 310015,China;National Computer Network Emergency Response Technical Team/Coordination Center of China(CNCERT/CC),Beijing 100029,China;Nanjing Lexbell Information Technology Co.,Ltd.,Nanjing 210014 China;Army Engineering University of PLA,Nanjing 210007,China)

机构地区：[1]国防科技大学电子对抗学院,合肥230037 [2]浙江树人大学,浙江杭州310015 [3]国家计算机网络与信息安全管理中心,北京100029 [4]南京莱克贝尔信息技术有限公司,江苏南京210014 [5]陆军工程大学,江苏南京210007

出　　处：《信息对抗技术》2024年第5期84-96,共13页Information Countermeasure Technology

基　　金：国家重点研发计划项目(2022YFB3104002);浙江省公益基金资助项目(LGG20F020014);江苏省重点研发计划项目(BE2022081)。

摘　　要：协议逆向分析在网络安全领域具有重要意义,现有方法主要依靠计算机进行自动化推断,并未考虑人的经验知识干预条件下可能带来的信息增益,存在准确性较低的问题。鉴于此,提出了一种基于人机协作迭代分析的网络协议逆向方法,该方法基于人机协作协议逆向分析框架,利用XML将人的经验知识进行知识表征,通过迭代式修正阶段性分析结果,克服了因缺乏知识辅助而导致的协议词法、语法及状态机推断准确率较低的问题。以典型工控协议数据样本为例进行了实验和对比分析,结果表明了该方法的有效性和可行性。Protocol reverse analysis plays a significant role in the field of network security.Existing methods primarily rely on computers for automated inference,without considering the potential information gain that may be brought about under the condition of human experiential knowledge intervention,thus resulting in issues of low accuracy.In light of this,a network protocol reverse method based on human-machine collaboration and iterative analysis was proposed.This method is based on the human-machine collaborative protocol reverse analysis framework,using XML to represent human experiential knowledge.By iteratively correcting the phased analysis results,it overcomes the issue of low accuracy in protocol lexical,syntactic and state machine inference due to the lack of knowledge assistance.The expe-riment conducted a comparative analysis using typical industrial control protocol data samples as examples,and the results demonstrated the effectiveness and feasibility of this method.

关 键 词：网络协议逆向 人机协作 知识表征 迭代分析 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]