Inferring Protocol State Machine From Network Traces: A Probabilistic Approach

Application-level protocol specifications (i.e., how a protocol should behave) are helpful for network security management, including intrusion detection and intrusion prevention. Knowledge of protocol specifications is also an effective way of detecting malicious code. However, current methods for obtaining unknown protocol specifications rely heavily on manual operations such as reverse engineering, which is a major instrument for extracting application-level specifications but is time-consuming and laborious. Several works have focused their attention on automatically extracting protocol messages from real-world traces, and leave the protocol state machine unsolved.

Provided by: Chinese Academy of Sciences Topic: Security Date Added: Apr 2011 Format: PDF
