Protocol Field

The Experts below are selected from a list of 180 Experts worldwide ranked by ideXlab platform

Xu Zhen - One of the best experts on this subject based on the ideXlab platform.

  • automatic identification of industrial control network Protocol Field boundary using memory propagation tree
    International Conference on Information and Communication Security, 2018
    Co-Authors: Chen Kai, Zhang Ning, Wang Liming, Xu Zhen
    Abstract:

    The knowledge of Protocol specification, especially Protocol Field boundary, is invaluable for addressing many security problems, such as intrusion detection. But many industrial control network (ICN) Protocols are closed. Closed Protocol reverse engineering has often been a time-consuming, tedious and error-prone process. Some solutions have recently been proposed to allow for automatic Protocol reverse engineering. But their prerequisites, e.g. assuming the existence of keywords or delimiters in Protocol messages, limit the scope of their efforts to parse ICN Protocol messages. In this paper, we present AutoBoundary that aims at automatically identifying Field boundaries in an ICN Protocol message. By instrumenting and monitoring program execution, AutoBoundary can obtain the execution context information, and build a memory propagation (MP) tree for each message byte. Based on the similarity between MP trees, AutoBoundary can identify Protocol Field boundaries, automatically. The intuition behind AutoBoundary makes it suitable for ICN Protocols, which have the characteristics of no delimiter, no keyword, and no complex hierarchical structure in the message. We have implemented a prototype of AutoBoundary and evaluated it with 62 ICN Protocol messages from 4 real-world ICN Protocols. Our experimental results show that, for the ICN Protocols whose Fields are byte-aligned, AutoBoundary can identify Field boundaries with high accuracy (100% for Modbus/TCP, 100% for Siemens S7, and 94.7% for ISO 9506).

Maurizio Matteo Munafo - One of the best experts on this subject based on the ideXlab platform.

  • Towards automatic Protocol Field inference
    Computer Communications, 2016
    Co-Authors: Ignacio Bermudez, Alok Tongaonkar, Marios Iliofotou, Marco Mellia, Maurizio Matteo Munafo
    Abstract:

    Security tools have evolved dramatically in the recent years to combat the increasingly complex nature of attacks. However, these tools need to be configured by experts that understand network Protocols thoroughly to be effective. In this paper, we present a system called FieldHunter, which automatically extracts Fields and infers their types. This information is invaluable for security experts to keep pace with the increasing rate of development of new network applications and their underlying Protocols. FieldHunter relies on collecting application messages from multiple sessions. Then, it performs Field extraction and inference of their types by taking into consideration statistical correlations between different messages or other associations with meta-data such as message length, client or server IP addresses. We evaluated FieldHunter on real network traffic collected in ISP networks from three different continents. FieldHunter was able to extract security relevant Fields and infer their types for well documented network Protocols (such as DNS and MSNP) as well as Protocols for which the specifications are not publicly available (such as SopCast). Further, we developed a payload-based anomaly detection system for industrial control systems using FieldHunter. The proposed system is able to identify industrial devices behaving oddly, without any previous knowledge of the Protocols being used.

  • automatic Protocol Field inference for deeper Protocol understanding
    2015 IFIP Networking Conference (IFIP Networking), 2015
    Co-Authors: Ignacio Bermudez, Alok Tongaonkar, Marios Iliofotou, Marco Mellia, Maurizio Matteo Munafo
    Abstract:

    Security tools have evolved dramatically in the recent years to combat the increasingly complex nature of attacks, but to be effective these tools need to be configured by experts that understand network Protocols thoroughly. In this paper we present FieldHunter, which automatically extracts Fields and infers their types; providing this much needed information to the security experts for keeping pace with the increasing rate of new network applications and their underlying Protocols. FieldHunter relies on collecting application messages from multiple sessions and then applying statistical correlations is able to infer the types of the Fields. These statistical correlations can be between different messages or other associations with meta-data such as message length, client or server IPs. Our system is designed to extract and infer Fields from both binary and textual Protocols. We evaluated FieldHunter on real network traffic collected in ISP networks from three different continents. FieldHunter was able to extract security relevant Fields and infer their nature for well documented network Protocols (such as DNS and MSNP) as well as Protocols for which the specifications are not publicly available (such as SopCast) and from malware such as (Ramnit).

Huang Hejie - One of the best experts on this subject based on the ideXlab platform.

  • Network Protocol reverse parsing technique based on dataflow analysis
    Journal of Computer Applications, 2013
    Co-Authors: Huang Hejie
    Abstract:

    Reverse parsing unknown network Protocol is of great significance in many network security applications. Most of the existing Protocol reverse parsing methods cannot handle the encryption Protocol or get the semantic information of the Protocol Field. To solve this problem, a network Protocol parsing technique based on dataflow analysis was proposed. According to the data flow recording tool developed on Pin platform, it could parse the network Protocol with the aid of the dependence analysis based data flow tracking technology, as well as obtain the Protocol format and semantic information of each Protocol Field. The experimental results show that the technique can parse out the Protocol format correctly, especially for the encryption Protocol, and extract the program behavior semantics of each Protocol Field.

S P S Khanuja - One of the best experts on this subject based on the ideXlab platform.

  • in vitro propagation of rauwolfia serpentina using liquid medium assessment of genetic fidelity of micropropagated plants and simultaneous quantitation of reserpine ajmaline and ajmalicine
    Methods of Molecular Biology, 2009
    Co-Authors: Manoj Kumar Goel, Shakti Mehrotra, A K Kukreja, Karuna Shanker, S P S Khanuja
    Abstract:

    Rauwolfia serpentina holds an important position in the pharmaceutical world because of its immense anti-hypertensive properties resulting from the presence of reserpine in the oleoresin fraction of the roots. Poor seed viability, low seed germination rate, and enormous genetic variability are the major constraints for the commercial cultivation of R. serpentina through conventional mode. The present optimized Protocol offers an impeccable end to end method from the establishment of aseptic cultures to in-vitro plantlet production employing semisolid as well liquid nutrient culture medium and assessment of their genetic fidelity using polymerase chain reaction based rapid amplification of polymorphic DNA analysis. In vitro shoots multiplied on Murashige and Skoog basal liquid nutrients supplemented with benzo[a]pyrene (1.0 mg/L) and NAA (0.1 mg/L) and in-vitro rhizogenesis was observed in modified MS basal nutrient containing NAA (1.0 mg/L) and 2% sucrose. In-vitro raised plants exhibited 90–95% survival under glass house/Field condition and 85% similarity in the plants regenerated through this Protocol. Field established plants were harvested and extraction of indole alkaloid particularly reserpine, ajmaline and ajmalicine and their simultaneous quantitation was performed using monolithic reverse phase high-performance liquid chromatography (HPLC). Key words: Micropropagation, Liquid medium, Rauwolfia serpentina, Genetic fidelity, Reserpine, Ajmaline, Ajmalicine, HPLC, RAPD

Ashwin Gumaste - One of the best experts on this subject based on the ideXlab platform.

  • A 400 Gb/s Carrier-Class SDN White-Box Design and Demonstration: The Bitstream Approach
    Journal of Lightwave Technology, 2018
    Co-Authors: Aniruddha Kushwaha, Sidharth Sharma, Naveen Bazard, Tamal Das, Ashwin Gumaste
    Abstract:

    Software defined networks (SDNs) could be a game changer for next generation provider networks. OpenFlow (OF)—the dominant SDN Protocol, is rigid in its south bound interface—any new Protocol Field that the hardware must support, must await complete OF standardization. In contrast, OF alternatives such as Protocol oblivious forwarding and forwarding and control element separation have simpler schemes for insertion of new Protocol identifiers. Even with these there is an inherent limitation on network hardware—the tables must support specific formats and configuration at each node as per Protocol semantics. We ask the question—can we design an open system (white-box) – one that is carrier-class, yet able to meet the requirements of any Protocol forwarding/action with a minimal set of data-plane functions. We propose bitstream, a low-latency, source-routing based scheme that can support addition of new Protocols, be compatible with existing Protocols, and facilitate a minimum semantic set for acting on a packet. A prototype is built to show bitstream working. The controller architecture is detailed from a provider perspective, as to how it can be integrated in a provider network using YANG models. The hardware architecture is also presented, showing the functioning of a bitstream capable 400 Gb/s whitebox. The issue of Protocol processing optimization is considered and its impact on service latency is shown. The results from the test-bed validate the carrier-class features of the bitstream model.

  • ICC - Bitstream: A Flexible SDN Protocol for Service Provider Networks
    2018 IEEE International Conference on Communications (ICC), 2018
    Co-Authors: Aniruddha Kushwaha, Sidharth Sharma, Naveen Bazard, Ashwin Gumaste
    Abstract:

    SDNs could be a game changer for next generation provider networks. OpenFlow (OF) - the dominant SDN Protocol, is rigid in its South Bound Interface (SBI) - any new Protocol Field that the hardware must support, must await complete OF standardization. In contrast, OF alternatives such as Protocol oblivious forwarding (POF) and ForCES have simpler schemes for insertion of new Protocol identifiers. Even with these there is an inherent limitation on network hardware - the tables must support specific table format and configuration at each node as per Protocol semantics. We ask the question - can we design an open system - one that is carrier-class, yet able to meet the requirements of any Protocol forwarding/action with a minimal set of dataplane function. We propose bitstream, a low-latency, source-routing based scheme that can support new Protocols, be compatible with existing Protocols and facilitate a minimum semantic set for acting on a packet. A prototype is built to show bitstream working.