Bitstream-Oriented Reverse Analysis of UAV Measurement and Control Protocols
Published: 2018-08-21 09:41
[Abstract]: Protocol reverse analysis has long been an active research topic in network attack and defense. Techniques for detecting and identifying common standard protocols are increasingly mature. Private protocols are also widely used in the communication of civilian and military equipment, but because no standard protocol documentation is available for reference, research on reverse analysis of such protocols is scarce. From the standpoint of network defense, private protocols are receiving growing attention as a way to test their security under network attack and their robustness in complex application environments. The measurement and control (TT&C) process of small civilian UAVs is relatively closed, and the main application protocols fall into the private protocol category. Traditional approaches, such as matching against an existing protocol signature database, therefore cannot simply be applied to recover the format of these measurement and control protocols or to infer the semantics of their fields. To address this, this thesis works from message sequence analysis, taking bitstream message data as the object of study and using statistical analysis and other data mining methods, combined with flight record documents (the UAV flight trajectory and flight state changes recorded by third-party monitoring), to reverse-analyze the private measurement and control protocols of small civilian UAVs. The reverse analysis is divided into roughly three stages. In the first stage, with reference to several well-specified measurement and control protocol designs, a template private UAV measurement and control protocol is designed with adjustable parameters, a complete set of fields, and extensible protocol entities. A simple model of UAV flight state is then implemented on a simulation platform, and the measurement and control session data (in bitstream form) exchanged between the UAV and the ground base station during a flight mission are simulated. In the second stage, the mixed message data of the two classes (measurement and control) are first given a simple classification; then statistical plotting analysis, KMP pattern string matching, an improved Apriori association rule mining algorithm, and Needleman-Wunsch sequence alignment are used to divide the field structure, delimit fields, and infer semantics. In the third stage, prior knowledge such as flight record documents is introduced to analyze protocol format recovery and field semantic inference in greater depth. Test experiments on sample data from several kinds of unknown custom protocols, together with an objective analysis and evaluation of the results, verify the effectiveness of the protocol reverse analysis method.
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: V279; V249; TP393.08
Article ID: 2195312
Article link: http://www.sikaile.net/guanlilunwen/ydhl/2195312.html