Mining and utilization of network protocol's stealth attack behavior (网络协议隐形攻击行为的挖掘和利用)

TP393; The stealth attack behaviors of network protocols have strong survivability, concealment and aggressiveness, and are not easily detected by existing security protection measures. To make up for the shortcomings of existing protocol analysis methods, this work starts from the instructions that implement the protocol program and captures the protocol's normal-behavior instruction sequences through dynamic binary analysis. Potential stealth attack behavior instruction sequences are then mined through instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences are loaded into a general execution framework as inline assembly, dynamically analyzed and executed on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors is evaluated. In addition to mining, analyzing and defending against stealth attack behaviors in a targeted way, the stealth attack behaviors are also formally transformed using a self-designed stealth transformation method; the transformed stealth attack behaviors were used to successfully attack a virtual target machine without being detected. Experimental results show that the mining of protocol...

Bibliographic Details
Published in 通信学报 (Journal on Communications), Vol. 38, no. z1, pp. 118-126
Main Authors 胡燕京, 裴庆祺
Format Journal Article
Language Chinese
Published 武警工程大学网络与信息安全武警部队重点实验室, 陕西 西安 710086; 西安电子科技大学综合业务网理论及关键技术国家重点实验室, 陕西 西安 710071, 2017
ISSN 1000-436X
DOI 10.11959/j.issn.1000-436x.2017244

Abstract TP393; The stealth attack behaviors of network protocols have strong survivability, concealment and aggressiveness, and are not easily detected by existing security protection measures. To make up for the shortcomings of existing protocol analysis methods, this work starts from the instructions that implement the protocol program and captures the protocol's normal-behavior instruction sequences through dynamic binary analysis. Potential stealth attack behavior instruction sequences are then mined through instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences are loaded into a general execution framework as inline assembly, dynamically analyzed and executed on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors is evaluated. In addition to mining, analyzing and defending against stealth attack behaviors in a targeted way, the stealth attack behaviors are also formally transformed using a self-designed stealth transformation method; the transformed stealth attack behaviors were used to successfully attack a virtual target machine without being detected. Experimental results show that the mining of protocol stealth attack behaviors is accurate, and that transforming and utilizing them can increase information offensive and defensive capability.
Abstract_FL The survivability, concealment and aggressiveness of network protocols' stealth attack behaviors are very strong, and they are not easily detected by existing security measures. In order to compensate for the shortcomings of existing protocol analysis methods, starting from the instructions that implement the protocol program, the normal-behavior instruction sequences of the protocol were captured by dynamic binary analysis. Then, the potential stealth attack behavior instruction sequences were mined by means of instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences were loaded into the general executing framework as inline assembly. Dynamic analysis was implemented on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors was evaluated. In addition to mining, analyzing and targeted defense against the stealth attack behaviors, the stealth attack behaviors were also formally transformed by the self-designed stealth transformation method; using the transformed stealth attack behaviors, the virtual target machine was successfully attacked without being detected. Experimental results show that the mining of protocol stealth attack behaviors is accurate, and that transforming and using them to increase information offensive and defensive ability is also feasible.
Author 胡燕京
裴庆祺
AuthorAffiliation 武警工程大学网络与信息安全武警部队重点实验室, 陕西 西安 710086; 西安电子科技大学综合业务网理论及关键技术国家重点实验室, 陕西 西安 710071
Author_FL HU Yan-jing
PEI Qing-qi
ClassificationCodes TP393
ContentType Journal Article
Copyright Copyright © Wanfang Data Co. Ltd. All Rights Reserved.
DOI 10.11959/j.issn.1000-436x.2017244
DatabaseName Wanfang Data Journals - Hong Kong
WANFANG Data Centre
Wanfang Data Journals
万方数据期刊 - 香港版
China Online Journals (COJ)
DocumentTitle_FL Mining and utilization of network protocol's stealth attack behavior
EndPage 126
ExternalDocumentID txxb2017z1017
GrantInformation The National Natural Science Foundation of China (国家自然科学基金资助项目) (No.61373170, No.61402530, No.61309022, No.61309008)
IsPeerReviewed false
IsScholarly true
Issue z1
Keywords 指令聚类 (instruction clustering); 协议逆向分析 (protocol reverse analysis); 隐形攻击行为 (stealth attack behavior); 隐形变换 (stealth transformation)
PageCount 9
PublicationDate 2017
PublicationTitle 通信学报
PublicationTitle_FL Journal on Communications
Publisher 武警工程大学网络与信息安全武警部队重点实验室, 陕西 西安 710086; 西安电子科技大学综合业务网理论及关键技术国家重点实验室, 陕西 西安 710071
SourceID wanfang
SourceType Aggregation Database
StartPage 118
Title 网络协议隐形攻击行为的挖掘和利用 (Mining and utilization of network protocol's stealth attack behavior)
URI https://d.wanfangdata.com.cn/periodical/txxb2017z1017
Volume 38