Perception Mining of Network Protocol’s Stealth Attack Behaviors

Author: Yan-Jing Hu, Xu An Wang
Year of publication: 2019
Subject:
Source: Lecture Notes in Networks and Systems ISBN: 9783030335052
BWCCA
DOI: 10.1007/978-3-030-33506-9_60
Description: Unknown network protocols’ stealth attack behavior is becoming a new type of attack, which greatly harms cyberspace security. The stealth behaviors are not easily detected by existing security measures. Starting with the implementation of the instructions of the protocol programs, the normal behavior instruction sequences are captured by dynamic binary analysis. The algorithm of instruction clustering and feature distance computation is designed to mine the potential stealth attack behavior instruction sequences. The mined stealth attack behavior instruction sequences (for inline assembly) are loaded into the general executing framework. A virtual protocol behavior analysis platform, HiddenDisc, has been developed, and the dynamic analysis is implemented on the platform. Then the protocol execution security evaluation scheme is proposed and implemented. Using the stealth transformation method designed by ourselves, the stealth attack behaviors are transformed. We successfully attacked the virtual target machine by using the transformed stealth attack behaviors, but the stealth behaviors were not captured. The experimental results show that the present method can accurately and efficiently perceive and mine unknown protocols’ stealth attack behaviors, and that the transformation and use of stealth attack behaviors can also enhance our information offensive and defensive capabilities.
Database: OpenAIRE