Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

A Markov Random Field Approach to Automated Protocol Signature Inference

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_25,
        author={Yongzheng Zhang and Tao Xu and Yipeng Wang and Jianliang Sun and Xiaoyu Zhang},
        title={A Markov Random Field Approach to Automated Protocol Signature Inference},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Protocol signatures Markov random field Network security},
        doi={10.1007/978-3-319-28865-9_25}
    }
    
  • Yongzheng Zhang
    Tao Xu
    Yipeng Wang
    Jianliang Sun
    Xiaoyu Zhang
    Year: 2016
    A Markov Random Field Approach to Automated Protocol Signature Inference
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_25
Yongzheng Zhang1,*, Tao Xu,*, Yipeng Wang1,*, Jianliang Sun,*, Xiaoyu Zhang1,*
  • 1: Chinese Academy of Sciences
*Contact email: zhangyongzheng@iie.ac.cn, xutao9083@iie.ac.cn, wangyipeng@iie.ac.cn, sunjianliang@iie.ac.cn, zhangxiaoyu@iie.ac.cn

Abstract

Protocol signature specifications play an important role in networking and security services, such as Quality of Service (QoS), vulnerability discovery, malware detection, and so on. In this paper, we propose ProParser, a network-trace-based protocol signature inference system that exploits the embedded contextual correlations of n-grams in protocol messages. In ProParser, we first apply a Markov field aspect model to discover the contextual relations and spatial structure among n-grams extracted from protocol traces. Next, we apply a keyword-based clustering algorithm to cluster messages into extremely cohesive groups, and finally use heuristic ranking rules to generate the signature specifications for the corresponding protocol. We evaluate ProParser on real-world network traces including both textual and binary protocols. We also compare ProParser with the state-of-the-art tool, ProWord, and find that our approach performs more accurately and effectively in practice.

Keywords
Protocol signatures, Markov random field, Network security
Published
2016-02-09
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-319-28865-9_25