
As the use of complex and important network applications increases, network protocol security requirements become ever more significant. However, finding effective approaches for testing network protocol security has proven to be a difficult problem. Fuzz testing is one important network protocol security test method.

Fuzz testing involves injecting large amounts of malformed or unexpected data into an application to test its security, and it can also be used to detect vulnerabilities in network protocol implementations. In this paper, the main research objective is the application layer protocol, which includes both public protocols with standard specifications and private protocols whose details are not published. In some cases, we must have a deep understanding of the protocol format and the protocol interaction process for fuzz testing to reach the deeper protocol states efficiently. Network traffic analysis based on a block-based protocol description language can closely mimic the protocol and thereby assist in generating suitable test cases. The binary reverse engineering method, which is based on a genetic algorithm (GA) and a fitness function, is designed to focus on high code coverage so that test cases reach more potentially vulnerable points.

In this paper, we introduce a novel method that combines network traffic analysis and binary reverse engineering to improve network protocol fuzz testing. Briefly, this work presents the following main contributions:

Reverse engineering research in the network protocol field tends to take one of two main approaches: one uses captured network traffic to infer the network protocol, while the other dynamically tracks and analyzes the executable program that implements the protocol. This latter approach is called binary reverse engineering or taint analysis.

Marshall Beddoe originated the practice of network traffic analysis in 2004 when he launched the Protocol Informatics (PI) project, which, by analogy with biology, applied the sequence-alignment algorithms developed for DNA and amino-acid sequences to protocol messages. Corrado Leita, Ken Mermoud, and Marc Dacier proposed using the PI approach to automatically generate Honeyd configuration scripts. RolePlayer was proposed as a solution for network protocol identification and automatic replay: the idea is that, given a few user-supplied parameters, an interactive script can be generated from a small amount of data in a sample stream, and the system can subsequently identify whether a new section of the flow conforms to the learned protocol or not. This approach to network traffic analysis can be adapted universally to various network protocols, including both public and private ones. The binary reverse engineering method can comprehensively track the processing of network applications and is relatively accurate, but its implementation is complex and each protocol's operating environment imposes special requirements.
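The combination sketched above, a block-based protocol description that keeps generated test cases structurally valid and a GA whose fitness is the code coverage each case achieves, as an added example that is not the paper's own code: the five-field protocol, the field names, the toy target parser with its named edges, the mutation operators and the fitness weights are all constructed here for illustration, and the parser's edge set stands in for the coverage the paper collects from the instrumented binary.

```python
# Added example, not the paper's code: block-based test-case generation plus a
# coverage-driven GA, run against a constructed toy protocol and toy target parser.
import random
import struct

# Message layout (constructed): magic "PX" | version u8 | cmd u8 | length u16 | body
# The Length block is recomputed from the rendered body unless the genome overrides
# it, so mutated bodies still carry a consistent length and pass the header checks.
class Static:
    def __init__(self, data): self.data = data
    def render(self, env, fields): return self.data

class U8:
    def __init__(self, name, default): self.name, self.default = name, default
    def render(self, env, fields): return bytes([env.get(self.name, self.default) & 0xFF])

class Raw:
    def __init__(self, name, default): self.name, self.default = name, default
    def render(self, env, fields): return env.get(self.name, self.default)

class U16Len:
    def __init__(self, name, of): self.name, self.of = name, of
    def render(self, env, fields):  # big-endian u16 size of the field named `of`
        size = env.get(self.name, len(fields[self.of].render(env, fields)))
        return struct.pack(">H", size & 0xFFFF)

PROTO = [Static(b"PX"), U8("version", 1), U8("cmd", 1),
         U16Len("length", "body"), Raw("body", b"user:pass")]
FIELDS = {f.name: f for f in PROTO if hasattr(f, "name")}

def render(env):
    """Render one test case from a genome: a dict of field-name -> override."""
    return b"".join(f.render(env, FIELDS) for f in PROTO)

def target(msg):
    """Toy stateful server parser; its edge set stands in for binary code coverage."""
    hit = {"entry"}
    if msg[:2] != b"PX": return hit | {"bad_magic"}
    hit.add("magic_ok")
    if len(msg) < 6 or msg[2] != 1: return hit | {"bad_hdr"}
    hit.add("hdr_ok")
    cmd, length, body = msg[3], struct.unpack(">H", msg[4:6])[0], msg[6:]
    if length != len(body): return hit | {"bad_len"}
    hit.add("len_ok")
    if cmd == 1:                                              # LOGIN user:pass
        hit.add("login")
        if b":" in body:
            hit.add("login_parse")
            if len(body.split(b":", 1)[0]) > 64: hit.add("login_long_user")  # deep state
    elif cmd == 2: hit.add("put")
    else: hit.add("unknown_cmd")
    return hit

def mutate(env, rng):
    env = dict(env)
    op = rng.randrange(5)
    if op == 0: env["version"] = rng.choice([0, 1, 2, 255])
    elif op == 1: env["cmd"] = rng.choice([0, 1, 2, 3, 255])
    elif op == 2: env["length"] = rng.choice([0, 1, 0xFFFF, rng.randrange(300)])
    elif op == 3: env["body"] = bytes(rng.randrange(256) for _ in range(rng.randrange(200)))
    else:  # inflate the first sub-field of the body, e.g. a very long user name
        body = env.get("body", b"user:pass")
        env["body"] = body[:1] * rng.choice([2, 8, 100]) + body
    if rng.random() < 0.3: env.pop("length", None)           # let the block recompute
    return env

def crossover(a, b, rng):
    pick = lambda k: a if (k in a and (k not in b or rng.random() < 0.5)) else b
    return {k: pick(k)[k] for k in set(a) | set(b)}

def ga_fuzz(generations=30, pop_size=20, seed=1):
    """Return the union of edges reached; the recorded sample {} seeds generation 0."""
    rng = random.Random(seed)
    population = [{}] + [mutate({}, rng) for _ in range(pop_size - 1)]
    total = set()
    for _ in range(generations):
        scored = []
        for env in population:
            cov = target(render(env))
            scored.append((len(cov) + 3 * len(cov - total), env))  # fitness rewards new edges
            total |= cov
        scored.sort(key=lambda s: s[0], reverse=True)
        parents = [env for _, env in scored[:pop_size // 2]]
        population = parents + [mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
                                for _ in range(pop_size - len(parents))]
    return total

def random_bytes_fuzz(n, seed=1):
    """Baseline with no protocol knowledge: random byte strings of random length."""
    rng = random.Random(seed)
    total = set()
    for _ in range(n):
        total |= target(bytes(rng.randrange(256) for _ in range(rng.randrange(40))))
    return total

if __name__ == "__main__":
    print("GA, block-aware:", sorted(ga_fuzz()))
    print("random bytes   :", sorted(random_bytes_fuzz(600)))
```

Running the script prints the two edge sets side by side. The block-aware GA gets past the magic, version and length checks in every generation because the Length block is recomputed from the mutated body, so its search budget is spent on the states behind the header (for example the over-long user name in LOGIN), while random bytes almost never clear the magic check. In the paper's setting the block description would come from the traffic-analysis step and the fitness from instrumentation of the target binary rather than from the toy parser used here.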
