Protocol Message

The Experts below are selected from a list of 267 Experts worldwide ranked by ideXlab platform

Yongzheng Zhang - One of the best experts on this subject based on the ideXlab platform.

  • ICNP - A semantics aware approach to automated reverse engineering unknown protocols
    2012 20th IEEE International Conference on Network Protocols (ICNP), 2012
    Co-Authors: Yipeng Wang, M. Zubair Shafiq, Liyan Wang, Zhibin Zhang, Yongzheng Zhang
    Abstract:

    Extracting the protocol message format specifications of unknown applications from network traces is important for a variety of applications such as application protocol parsing, vulnerability discovery, and system integration. In this paper, we propose ProDecoder, a network trace based protocol message format inference system that exploits the semantics of protocol messages without the executable code of application protocols. ProDecoder is based on the key insight that the n-grams of protocol traces exhibit highly skewed frequency distribution that can be leveraged for accurate protocol message format inference. In ProDecoder, we first discover the latent relationship among n-grams by first grouping protocol messages with the same semantics and then inferring message formats by keyword based clustering and cluster sequence alignment. We implemented and evaluated ProDecoder to infer message format specifications of SMB (a binary protocol) and SMTP (a textual protocol). Our experimental results show that ProDecoder accurately parses and infers SMB protocol with 100% precision and recall. For SMTP, ProDecoder achieves approximately 95% precision and recall.

Yipeng Wang - One of the best experts on this subject based on the ideXlab platform.

  • ICNP - A semantics aware approach to automated reverse engineering unknown protocols
    2012 20th IEEE International Conference on Network Protocols (ICNP), 2012
    Co-Authors: Yipeng Wang, M. Zubair Shafiq, Liyan Wang, Zhibin Zhang, Yongzheng Zhang

  • PDCAT - Biprominer: Automatic Mining of Binary Protocol Features
    2011 12th International Conference on Parallel and Distributed Computing Applications and Technologies, 2011
    Co-Authors: Yipeng Wang, Zhibin Zhang, Jiao Meng, Yong Zhao, Li Guo
    Abstract:

    Application-level protocol specifications are helpful for network security management, including intrusion detection and intrusion prevention which rely on monitoring technologies such as deep packet inspection. Moreover, detailed knowledge of protocol specifications is also an effective way of detecting malicious code. However, current methods for obtaining unknown and proprietary protocol message formats (i.e., no publicly available protocol specification), especially binary protocols, highly rely on manual operations, such as reverse engineering which is time-consuming and laborious. In this paper, we propose Biprominer, a tool that can automatically extract binary protocol message formats of an application from its real-world network trace. In addition, we present a transition probability model for a better description of the protocol. The chief feature of Biprominer is that it does not need to have any a priori knowledge of protocol formats, because Biprominer is based on the statistical nature of the protocol format. We evaluate the efficacy of Biprominer over three binary protocols, with an average precision more than 99% and a recall better than 96.7%.

Zhibin Zhang - One of the best experts on this subject based on the ideXlab platform.

  • ICNP - A semantics aware approach to automated reverse engineering unknown protocols
    2012 20th IEEE International Conference on Network Protocols (ICNP), 2012
    Co-Authors: Yipeng Wang, M. Zubair Shafiq, Liyan Wang, Zhibin Zhang, Yongzheng Zhang

  • PDCAT - Biprominer: Automatic Mining of Binary Protocol Features
    2011 12th International Conference on Parallel and Distributed Computing Applications and Technologies, 2011
    Co-Authors: Yipeng Wang, Zhibin Zhang, Jiao Meng, Yong Zhao, Li Guo

Liyan Wang - One of the best experts on this subject based on the ideXlab platform.

  • ICNP - A semantics aware approach to automated reverse engineering unknown protocols
    2012 20th IEEE International Conference on Network Protocols (ICNP), 2012
    Co-Authors: Yipeng Wang, M. Zubair Shafiq, Liyan Wang, Zhibin Zhang, Yongzheng Zhang

M. Zubair Shafiq - One of the best experts on this subject based on the ideXlab platform.

  • ICNP - A semantics aware approach to automated reverse engineering unknown protocols
    2012 20th IEEE International Conference on Network Protocols (ICNP), 2012
    Co-Authors: Yipeng Wang, M. Zubair Shafiq, Liyan Wang, Zhibin Zhang, Yongzheng Zhang