Tongxin xuebao (Oct 2017)
Mining and utilization of network protocol’s stealth attack behavior
Abstract
Stealth attack behaviors of network protocols are highly survivable, concealed and aggressive, and they are not easily detected by existing security measures. To compensate for the shortcomings of existing protocol analysis methods, the approach starts from the instructions that implement the protocol program: the instruction sequences of the protocol's normal behavior were captured by dynamic binary analysis. Potential stealth attack behavior instruction sequences were then mined by means of instruction clustering and feature distance computation. The mined stealth attack behavior instruction sequences were loaded into a general execution framework for inline assembly. Dynamic analysis was carried out on the self-developed virtual analysis platform HiddenDisc, and the security of the stealth attack behaviors was evaluated. In addition to mining, analyzing and defending against the stealth attack behaviors in a targeted way, the stealth attack behaviors were also formally transformed by a self-designed stealth transformation method; using the transformed stealth attack behaviors, the virtual target machine was successfully attacked without being detected. Experimental results show that the mining of protocol stealth attack behaviors is accurate, and that transforming and using them to increase information offensive and defensive capability is also feasible.