Text protocol reverse resolution method and system

A text protocol analysis method, applied in transmission systems, electrical components, etc., that solves problems such as low accuracy, high time and space overhead, and difficulty in obtaining analysis objects, and achieves accurate reverse analysis.

Inactive Publication Date: 2014-09-03
CHINA UNITED NETWORK COMM GRP CO LTD

AI Technical Summary

Problems solved by technology

[0007] The disadvantage of the dynamic analysis method based on the program execution trajectory is that the program execution trajectory needs to be recorded in real time during the program execution process, and there is no public tool for real-time recordi

Examples


Embodiment 1

[0062] The reverse analysis of this embodiment is aimed at text protocols. For example, SIP is a text protocol, and each SIP message is composed of the following three parts:

[0063] Start line: Each SIP message starts with a start line (a request message is a request line, a response message is a status line). The start line is used to convey the message type (method type in a request, response code in a response) and protocol version.

[0064] SIP header: used to transmit message attributes and message meaning, where the format is: :.

[0065] Message body: used to describe the session being initiated. For example, in a multimedia session it includes audio and video encoding types, sampling rates, etc. Message bodies can appear in both requests and responses.

[0066] Taking the start line of a request message as an example, the format defined in the protocol is as follows:

[0067] Request-Line=Method SP Request-URI SP SIP-Version CRLF

[0068] where:

[0...

Abstract

The invention provides a text protocol reverse resolution method and a text protocol reverse resolution system. The method comprises the following steps: a plurality of network data packets of a text protocol are captured, application layer data is extracted from each network data packet and converted into a data stream in text form, and the resulting data streams form a data set; separators are used to segment each data stream in the data set, dividing the content of each data stream into a plurality of data items, and the position information of each data item is recorded; for each data item, whether the data item is a feature item is determined according to the position information of the data item and the number of times it occurs in the data streams and the data set; the identical feature items in each data stream are extracted in lines, the feature items are used as fixed fields, and adjacent non-feature items are merged to be used as variable fields; and cluster analysis is carried out to determine the format features of the text protocol. The advantage of the method and the system is that commonality and relevance are analyzed from a large number of data packets of the same text protocol to obtain the protocol format, so the reverse resolution is more precise.
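The steps listed in the abstract, worked through in Python as an added example (not the patent's own implementation). The separator set, the 50% occurrence threshold, and grouping by identical template as a stand-in for the cluster analysis are assumptions made here, and the SIP messages are constructed sample data.

```python
import re
from collections import Counter, defaultdict

SEPARATORS = re.compile(r"[ :]+")  # assumed separator set: space and colon
THRESHOLD = 0.5                    # assumed share of streams that makes an item a feature

# Constructed SIP start line and headers (sample data, not from the patent).
STREAMS = [
    "INVITE sip:bob@example.com SIP/2.0\r\nCall-ID: a1b2\r\nCSeq: 1 INVITE\r\n",
    "INVITE sip:carol@example.net SIP/2.0\r\nCall-ID: c3d4\r\nCSeq: 7 INVITE\r\n",
    "REGISTER sip:example.org SIP/2.0\r\nCall-ID: e5f6\r\nCSeq: 2 REGISTER\r\n",
    "INVITE sip:dave@example.org SIP/2.0\r\nCall-ID: 0789\r\nCSeq: 3 INVITE\r\n",
]

def split_items(stream):
    """Segment one text stream into {(line_no, item_no): item}."""
    items = {}
    for ln, line in enumerate(stream.strip().split("\r\n")):
        for idx, tok in enumerate(t for t in SEPARATORS.split(line) if t):
            items[(ln, idx)] = tok
    return items

def feature_items(dataset):
    """(position, item) pairs that occur in at least THRESHOLD of the streams."""
    counts = Counter()
    for items in dataset:
        counts.update(items.items())  # each position is unique per stream
    need = THRESHOLD * len(dataset)
    return {key for key, n in counts.items() if n >= need}

def template(items, features):
    """Feature items stay as fixed fields; adjacent non-features merge into one <VAR>."""
    lines = defaultdict(list)
    for (ln, idx), tok in sorted(items.items()):
        field = tok if ((ln, idx), tok) in features else "<VAR>"
        if field == "<VAR>" and lines[ln] and lines[ln][-1] == "<VAR>":
            continue  # merge with the preceding variable field
        lines[ln].append(field)
    return tuple(" ".join(lines[ln]) for ln in sorted(lines))

def infer_formats(streams):
    """Return a Counter mapping each inferred message template to its stream count."""
    dataset = [split_items(s) for s in streams]
    features = feature_items(dataset)
    return Counter(template(items, features) for items in dataset)
```

With a single REGISTER sample its method name falls below the threshold and is absorbed into a variable field, which shows why the method relies on many packets per message type.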

Description

Technical field

[0001] The present invention relates to protocol reverse analysis, and more specifically to a text protocol reverse analysis method and system.

Background art

[0002] In the process of information interaction between different computer systems, network communication protocols play an irreplaceable role and receive more and more attention. The format of protocol messages is essential to many network security applications, such as vulnerability mining and intrusion detection systems. But many network application protocols are not open, and in enterprise networks in particular there are fewer and fewer formal protocol description documents, so the characteristics of protocol messages cannot be obtained directly from protocol specifications. Protocol reverse analysis does not depend on protocol specifications or descriptions. Through technical means such as analyzing protocol data packets or interaction processes, information such as format fields...

Application Information

IPC(8): H04L29/06
Inventors: 李建宇, 刘媛媛
Owner: CHINA UNITED NETWORK COMM GRP CO LTD