Tongxin xuebao (Jun 2017)
Clustering perception mining of network protocol’s stealth attack behavior
Abstract
Deep stealth attack behavior in the network protocol becomes a new challenge to network security.In view of the shortcomings of the existing protocol reverse methods in the analysis of protocol behavior,especially the stealth attack behavior mining,a novel instruction clustering perception mining algorithm was proposed.By extracting the protocol's behavior instruction sequences,and clustering analysis of all the behavior instruction sequences using the instruction clustering algorithm,the stealth attack behavior instruction sequences can be mined quickly and accurately from a large number of unknown protocol programs according to the calculation results of the behavior distance.Combining dynamic taint analysis with instruction clustering analysis,1 297 protocol samples were analyzed in the virtual analysis platform hidden disc which was developed independently,and 193 stealth attack behaviors were successfully mined,the results of automatic analysis and manual analysis were completely consistent.Experimental results show that,the solution is ideal for perception mining the protocol's stealth attack behavior in terms of efficiency and accuracy.
