
Clustering perception mining of network protocol's stealth attack behavior

Hu Yanjing (胡燕京), Pei Qingqi (裴庆祺)

Journal on Communications (通信学报), 2017, Vol. 38, Issue (6): 39-48, 10. DOI: 10.11959/j.issn.1000-436x.2017123


Hu Yanjing 1, Pei Qingqi 2

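Author information

  • 1. Key Laboratory of Network and Information Security of the Armed Police Force, Engineering University of the Armed Police Force, Xi'an, Shaanxi 710086
  • 2. State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, Shaanxi 710071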

Abstract

Deep stealth attack behavior in network protocols has become a new challenge to network security. In view of the shortcomings of existing protocol reverse analysis methods in analyzing protocol behavior, especially in mining stealth attack behavior, a novel instruction clustering perception mining algorithm was proposed. By extracting the protocol's behavior instruction sequences and clustering all of them with the instruction clustering algorithm, the stealth attack behavior instruction sequences can be mined quickly and accurately from a large number of unknown protocol programs according to the calculated behavior distance. Combining dynamic taint analysis with instruction clustering analysis, 1297 protocol samples were analyzed in the independently developed virtual analysis platform hidden disc, and 193 stealth attack behaviors were successfully mined; the results of automatic analysis and manual analysis were completely consistent. Experimental results show that the solution is ideal for perception mining of the protocol's stealth attack behavior in terms of efficiency and accuracy.

Key words

protocol reverse analysis/stealth attack behavior/instruction clustering

Classification

Information technology and security science

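Cite this article

Hu Yanjing, Pei Qingqi. Clustering perception mining of network protocol's stealth attack behavior[J]. Journal on Communications, 2017, 38(6): 39-48, 10.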

Funding

The National Natural Science Foundation of China (No.61373170, No.61402530, No.61309022, No.61309008)

Journal on Communications

OA / Peking University Core / CSCD / CSTPCD

ISSN 1000-436X
