A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering

Luo, Xin; Chen, Dan; Wang, Yongjun; Xie, Peng

doi:10.3390/s19030716

Cited by 12 publications

(5 citation statements)

References 19 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related works have typically focused on inferring message format types from packets of a single unknown protocol [5] - [7], using feature extraction and clustering techniques such as sequence alignment [5] and information bottleneck [8]. Today, there are hundreds of different protocols and it is naive and limiting to assume that a stream of unknown packets belong to a single protocol.…”

Section: Related Workmentioning

confidence: 99%

“…Previous works have also typically used information from the entire packet for feature extraction [5] - [7]. However, only the header of protocol packets usually contain information with relevance to the protocol's operation.…”

Section: Related Workmentioning

confidence: 99%

“…The global sequence alignment technique NWSA used by NETZOB is also computationally time expensive (O(n 2 )), where n is the number of data packets), and makes use of only observable literal information, ignoring semantic information. Luo et al [7] proposed using Latent Dirichlet Allocation (LDA) from NLP to study the type distributions derived from the statistics of message N-grams to infer protocol message formats of different types. However, the study did not perform an extensive hyper-parameter tuning of the α & β that control the Dirichlet distribution or to select the size of LDA topics.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Exploring Unsupervised Learning Methods for Automated Protocol Analysis

Dasgupta¹,

Yan²,

Ong³

et al. 2021

Preprint

View full text Add to dashboard Cite

The ability to analyse and differentiate network protocol traffic is crucial for network resource management to provide differentiated services by Telcos. Automated Protocol Analysis (APA) is crucial to significantly improve efficiency and reduce reliance on human experts. There are numerous automated state-of-the-art unsupervised methods for clustering unknown protocols in APA. However, many such methods have not been sufficiently explored using diverse test datasets. Thus failing to demonstrate their robustness to generalise.This study proposed a comprehensive framework to evaluate various combinations of feature extraction and clustering methods in APA. It also proposed a novel approach to automate selection of dataset dependent model parameters for feature extraction, resulting in improved performance. Promising results of a novel field-based tokenisation approach also led to our proposal of a novel automated hybrid approach for feature extraction and clustering of unknown protocols in APA.Our proposed hybrid approach performed the best in 7 out of 9 of the diverse test datasets, thus displaying the robustness to generalise across diverse unknown protocols. It also outperformed the unsupervised clustering technique in state-of-the-art open-source APA tool, NETZOB in all test datasets.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Exploring Unsupervised Learning Methods for Automated Protocol Analysis

Dasgupta¹,

Yan²,

Ong³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…READ improves Signal extraction and classification efficiency. Luo et al [26] employed the Latent Dirichlet Allocation model to characterize messages with types, and then type distribution is used to measure the similarity of messages and promote the correctness of the message cluster. Goo et al [27] proposed a method that can infer the protocol format, semantic and finite state machine.…”

Section: Related Workmentioning

confidence: 99%

A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology

Liu

Huang

et al. 2019

IEEE Access

View full text Add to dashboard Cite

The security analysis of Security Protocol Implementations(SPI) is an important part of cybersecurity. However, with the strength of property protection and the widely used applications of code obfuscation technology, the previous security analysis method based on SPI is hard to carry out. Therefore, under the condition that SPI is not available, this paper analyzes the security of the SPI using the unpurified security protocol traces and security protocol implementation ontology. First, we construct the implementation ontology to describes the attributes of the ontology terms. Second, the format analysis method is presented based on unpurified flow. Third, the mapping method is proposed to build the mapping between the security protocol trace and the implementation ontology. Fourth, a is presented to analyze the security of SPI. Finally, FSIA software is designed and implemented according to the method we proposed to analyze the login module of a university information system, the result shows that there is a risk of Ticket leakage in the login module. Compared to the previous method,our proposed method can deal with unpurified network traces and find the vulnerabilities of network and system.INDEX TERMS Security protocol implementation, network trace, security protocol implementation ontology, format analysis, semantic analysis.

show abstract

“…The information contains data relating to finding the object/thing, which is stored in the flip-chip package [ 13 ]. For tag activation, the harvested RF power originating from RFID reader ought to be sufficient, as opposed to the threshold power of the IC after crossing over the barrier losses [ 13 , 14 , 15 ].…”

Section: Introductionmentioning

confidence: 99%

A Compact and Flexible UHF RFID Tag Antenna for Massive IoT Devices in 5G System

Hussain

Amin

Lee

2020

Sensors

View full text Add to dashboard Cite

Upcoming 5th-generation (5G) systems incorporate physical objects (referred to as things), which sense the presence of components such as gears, gadgets, and sensors. They may transmit many kinds of states in the smart city context, such as new deals at malls, safe distances on roads, patient heart rhythms (especially in hospitals), and logistic control at aerodromes and seaports around the world. These serve to form the so-called future internet of things (IoT). From this futuristic perspective, everything should have its own identity. In this context, radio frequency identification (RFID) plays a specific role, which provides wireless communications in a secure manner. Passive RFID tags carry out work using the energy harvested among massive systems. RFID has been habitually realized as a prerequisite for IoT, the combination of which is called IoT RFID (I-RFID). For the current scenario, such tags should be productive, low-profile, compact, easily mountable, and have eco-friendly features. The presently available tags are not cost-effective and have not been proven as green tags for environmentally friendly IoT in 5G systems nor are they suitable for long-range communications in 5G systems. The proposed I-RFID tag uses the meandering angle technique (MAT) to construct a design that satisfies the features of a lower-cost printed antenna over the worldwide UHF RFID band standard (860–960 MHz). In our research, tag MAT antennas are fabricated on paper-based Korsnäs by screen- and flexo-printing, which have lowest simulated effective outcomes with dielectric variation due to humidity and have a plausible read range (RR) for European (EU; 866–868 MHz) and North American (NA; 902–928 MHz) UHF band standards. The I-RFID tag size is reduced by 36% to 38% w.r.t. a previously published case, the tag gain has been improved by 23.6% to 33.12%, and its read range has been enhanced by 50.9% and 59.6% for EU and NA UHF bands, respectively. It provides impressive performance on some platforms (e.g., plastic, paper, and glass), thereby providing a new state-of-the-art I-RFID tag with better qualities in 5G systems.

show abstract

A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering

Cited by 12 publications

References 19 publications

Exploring Unsupervised Learning Methods for Automated Protocol Analysis

Exploring Unsupervised Learning Methods for Automated Protocol Analysis

A Security Analysis Method of Security Protocol Implementation Based on Unpurified Security Protocol Trace and Security Protocol Implementation Ontology

A Compact and Flexible UHF RFID Tag Antenna for Massive IoT Devices in 5G System

Contact Info

Product

Resources

About