TIIS (Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ)
Current Result Document : 3 / 3
| ÇѱÛÁ¦¸ñ(Korean Title) |
Icefex: Protocol Format Extraction from IL-based Concolic Execution |
| ¿µ¹®Á¦¸ñ(English Title) |
Icefex: Protocol Format Extraction from IL-based Concolic Execution |
| ÀúÀÚ(Author) |
Fan Pan
Li-fa Wu
Zheng Hong
Hua-bo Li
Hai-Guang Lai
Chen-hui Zheng
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 07 NO. 03 PP. 0576 ~ 0599 (2013. 03) |
Çѱ۳»¿ë
(Korean Abstract) |
|
¿µ¹®³»¿ë
(English Abstract) |
Protocol reverse engineering is useful for many security applications, including intelligent fuzzing, intrusion detection and fingerprint generation. Since manual reverse engineering is a time-consuming and tedious process, a number of automatic techniques have been proposed. However, the accuracy of these techniques is limited due to the complexity of binary instructions, and the derived formats have missed constraints that are critical for security applications. In this paper, we propose a new approach for protocol format extraction. Our approach reasons about only the evaluation behavior of a program on the input message from concolic execution, and enables field identification and constraint inference with high accuracy. Moreover, it performs binary analysis with low complexity by reducing modern instruction sets to BIL, a small, well-specified and architecture-independent language. We have implemented our approach into a system called Icefex and evaluated it over real-world implementations of DNS, eDonkey, FTP, HTTP and McAfee ePO protocols. Experimental results show that our approach is more accurate and effective at extracting protocol formats than other approaches.
|
| Å°¿öµå(Keyword) |
protocol reverse engineering
protocol format extraction
semantic inference
concolic execution
intermediate language
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
