Cargando…
A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering
Protocol Reverse Engineering (PRE) is crucial for information security of Internet-of-Things (IoT), and message clustering determines the effectiveness of PRE. However, the quality of services still lags behind the strict requirement of IoT applications as the results of message clustering are often...
Autores principales: | , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2019
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6386832/ https://www.ncbi.nlm.nih.gov/pubmed/30744187 http://dx.doi.org/10.3390/s19030716 |
_version_ | 1783397432447467520 |
---|---|
author | Luo, Xin Chen, Dan Wang, Yongjun Xie, Peidai |
author_facet | Luo, Xin Chen, Dan Wang, Yongjun Xie, Peidai |
author_sort | Luo, Xin |
collection | PubMed |
description | Protocol Reverse Engineering (PRE) is crucial for information security of Internet-of-Things (IoT), and message clustering determines the effectiveness of PRE. However, the quality of services still lags behind the strict requirement of IoT applications as the results of message clustering are often coarse-grained with the intrinsic type information hidden in messages largely ignored. Aiming at this problem, this study proposes a type-aware approach to message clustering guided by type information. The approach regards a message as a combination of n-grams, and it employs the Latent Dirichlet Allocation (LDA) model to characterize messages with types and n-grams via inferring the type distribution of each message. The type distribution is finally used to measure the similarity of messages. According to this similarity, the approach clusters messages and further extracts message formats. Experimental results of the approach against Netzob in terms of a number of protocols indicate that the correctness and conciseness can be significantly improved, e.g., figures 43.86% and 3.87%, respectively for the CoAP protocol. |
format | Online Article Text |
id | pubmed-6386832 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2019 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-63868322019-02-26 A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering Luo, Xin Chen, Dan Wang, Yongjun Xie, Peidai Sensors (Basel) Article Protocol Reverse Engineering (PRE) is crucial for information security of Internet-of-Things (IoT), and message clustering determines the effectiveness of PRE. However, the quality of services still lags behind the strict requirement of IoT applications as the results of message clustering are often coarse-grained with the intrinsic type information hidden in messages largely ignored. Aiming at this problem, this study proposes a type-aware approach to message clustering guided by type information. The approach regards a message as a combination of n-grams, and it employs the Latent Dirichlet Allocation (LDA) model to characterize messages with types and n-grams via inferring the type distribution of each message. The type distribution is finally used to measure the similarity of messages. According to this similarity, the approach clusters messages and further extracts message formats. Experimental results of the approach against Netzob in terms of a number of protocols indicate that the correctness and conciseness can be significantly improved, e.g., figures 43.86% and 3.87%, respectively for the CoAP protocol. MDPI 2019-02-10 /pmc/articles/PMC6386832/ /pubmed/30744187 http://dx.doi.org/10.3390/s19030716 Text en © 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Luo, Xin Chen, Dan Wang, Yongjun Xie, Peidai A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title | A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title_full | A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title_fullStr | A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title_full_unstemmed | A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title_short | A Type-Aware Approach to Message Clustering for Protocol Reverse Engineering |
title_sort | type-aware approach to message clustering for protocol reverse engineering |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6386832/ https://www.ncbi.nlm.nih.gov/pubmed/30744187 http://dx.doi.org/10.3390/s19030716 |
work_keys_str_mv | AT luoxin atypeawareapproachtomessageclusteringforprotocolreverseengineering AT chendan atypeawareapproachtomessageclusteringforprotocolreverseengineering AT wangyongjun atypeawareapproachtomessageclusteringforprotocolreverseengineering AT xiepeidai atypeawareapproachtomessageclusteringforprotocolreverseengineering AT luoxin typeawareapproachtomessageclusteringforprotocolreverseengineering AT chendan typeawareapproachtomessageclusteringforprotocolreverseengineering AT wangyongjun typeawareapproachtomessageclusteringforprotocolreverseengineering AT xiepeidai typeawareapproachtomessageclusteringforprotocolreverseengineering |