Cargando…
Protocol vulnerability detection based on network traffic analysis and binary reverse engineering
Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines networ...
| Autores principales: | , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Public Library of Science
2017
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5648143/ https://www.ncbi.nlm.nih.gov/pubmed/29049409 http://dx.doi.org/10.1371/journal.pone.0186188 |
| _version_ | 1783272345291456512 |
|---|---|
| author | Wen, Shameng Meng, Qingkun Feng, Chao Tang, Chaojing |
| author_facet | Wen, Shameng Meng, Qingkun Feng, Chao Tang, Chaojing |
| author_sort | Wen, Shameng |
| collection | PubMed |
| description | Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. |
| format | Online Article Text |
| id | pubmed-5648143 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2017 |
| publisher | Public Library of Science |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-56481432017-11-03 Protocol vulnerability detection based on network traffic analysis and binary reverse engineering Wen, Shameng Meng, Qingkun Feng, Chao Tang, Chaojing PLoS One Research Article Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE. Public Library of Science 2017-10-19 /pmc/articles/PMC5648143/ /pubmed/29049409 http://dx.doi.org/10.1371/journal.pone.0186188 Text en © 2017 Wen et al http://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) , which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. |
| spellingShingle | Research Article Wen, Shameng Meng, Qingkun Feng, Chao Tang, Chaojing Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title | Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title_full | Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title_fullStr | Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title_full_unstemmed | Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title_short | Protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| title_sort | protocol vulnerability detection based on network traffic analysis and binary reverse engineering |
| topic | Research Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5648143/ https://www.ncbi.nlm.nih.gov/pubmed/29049409 http://dx.doi.org/10.1371/journal.pone.0186188 |
| work_keys_str_mv | AT wenshameng protocolvulnerabilitydetectionbasedonnetworktrafficanalysisandbinaryreverseengineering AT mengqingkun protocolvulnerabilitydetectionbasedonnetworktrafficanalysisandbinaryreverseengineering AT fengchao protocolvulnerabilitydetectionbasedonnetworktrafficanalysisandbinaryreverseengineering AT tangchaojing protocolvulnerabilitydetectionbasedonnetworktrafficanalysisandbinaryreverseengineering |