A Method for Extracting Static Fields in Private Protocol Using Entropy and Statistical Analysis

Min-Seob Lee; Young-Hoon Goo; Kyu-Seok Shim; Sung-Ho Yoon; Se-Hyun Ji; Myung-Sup Kim

Summary

Asia-Pacific Network Operations and Management Symposium

2019

Session Number:TS9

Session:

Number:TS9-3

A Method for Extracting Static Fields in Private Protocol Using Entropy and Statistical Analysis

Min-Seob Lee, Young-Hoon Goo, Kyu-Seok Shim, Sung-Ho Yoon, Se-Hyun Ji, Myung-Sup Kim,

pp.-

Publication Date:2019/9/18

Online ISSN:2188-5079

DOI:10.34385/proc.59.TS9-3

PDF download (409.1KB)

Summary:

Modern society is turning into the environment in which high-capacity network traffic generated by the development of high-speed internet. As a result, new applications and malicious behaviors are increasing exponentially. Most protocols that occur in these network environments are private protocols. Because private protocols do not have any specifications open, it is very important to analyze the structures of the private protocol for efficient network management and security. Various protocol reverse engineering methodologies have been studied so far, but there is not standardized methodology to extract the protocol's field. Therefore, this paper proposes a methodology for clearly extracting fields of the smallest unit of protocol's structure, and conducts experiments and validates performance on the protocols that are actually being used.