CN103441990B - The automatic estimating method of protocol state machine based on state fusion - Google Patents
The automatic estimating method of protocol state machine based on state fusion Download PDFInfo
- Publication number
- CN103441990B CN103441990B CN201310348136.7A CN201310348136A CN103441990B CN 103441990 B CN103441990 B CN 103441990B CN 201310348136 A CN201310348136 A CN 201310348136A CN 103441990 B CN103441990 B CN 103441990B
- Authority
- CN
- China
- Prior art keywords
- state
- protocol
- input
- message
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The present invention relates to networking technology area, there is provided a kind of protocol state machine based on state fusion automatic estimating method, comprise the following steps: message format extracts with initial condition mechanism build and based on the state fusion of outgoing message abstract with message classification, session.The automatic estimating method of protocol state machine of the present invention adopts and strengthens the conversation procedure that prefix trees transducer EPTT describes protocol entity, be conceived to the outgoing message of agreement, similar state in state machine is merged, and by carrying out with protocol entity the feasibility that testability validation-cross protocol status merges, ensure that and the automation that protocol state machine is inferred improve the accuracy of inferred results.
Description
Technical field
The present invention relates to networking technology area, in particular to a kind of network message according to protocol entity process accepts and transmission, the method for the protocol state machine of corresponding network agreement is inferred in automation.
Background technology
Procotol is the support the key element that network communicating function realizes, and is also the primary study object of network safety filed.A large amount of network security technologys such as intrusion detection, fuzz testing, agreement are reused, agreement vulnerability analysis are all based on detailed protocol specification information.
Employ a large amount of proprietary protocol lacking description document in network, this makes all kinds of network security technology depending on information norm be extremely restricted in range of application.In order to the problem of resolution protocol information the unknown, the method that researcher starts to adopt agreement reverse obtains unknown protocol specification.Agreement is reverse to be referred to when not relying on agreement and describing, and is monitored and is analyzed, extract the process of procotol concrete norm information by the network input and output to protocol entity, system action and instruction execution flow.
Network protocol standard mainly comprises protocol format and protocol state machine two parts.What protocol format was paid close attention to is the Nomenclature Composition and Structure of Complexes of each protocol domain in communication message.Protocol status quantity in protocol system that what protocol state machine was paid close attention to is and protocol system when receiving different input from a protocol status to the rule of another one transferring protocol state.
The reverse employing manual type of traditional agreement, process tedious is consuming time, and accuracy depends on technical merit and the practical experience of analyst.Along with the expansion of network size and increasing of protocol type, to conversed analysis accuracy and ageing requirement more and more higher, the agreement conversed analysis of Traditional Man mode can not meet the needs of practical application.Agreement automatic reversal, to significantly reducing manual analysis, improves the analysis efficiency of proprietary protocol, obtains increasing attention.
Current most of agreement automatic reversal concentrates on the extraction of protocol format to research, lack protocol status machine information in analysis result, constrains the practical application of the reverse result of agreement.In recent years, along with the relative maturity of protocol format extractive technique, some researchers start to attempt carrying out conversed analysis to protocol state machine.Current protocol state machine infers mainly there is following problem: (1) existing state fusion method (as Prospex system) for the consideration of simplicity, for state machine model be the finite state machine of no-output.In this finite state machine, only there is message input, and do not consider that message exports, ignore the inner link between protocol system input and output message.Protocol system is the state transition system that band exports, and the state machine that the process of this simplification makes state fusion obtain and actual agreements system exist larger difference.(2) in order to solve the incomplete problem of sample set, often needing constantly to produce new samples in protocol state machine deduction process, and whether being under the jurisdiction of protocol state machine according to new samples, implement to infer further.New samples is positive example or counter-example for protocol state machine, depends on artificial judgement.The processing mode of artificial judgement is difficult to ensure accuracy on the one hand, and on the other hand, this processing mode automaticity is low, constrains the efficiency of conversed analysis.
Summary of the invention
For problems of the prior art, the present invention aims to provide the automatic estimating method of a kind of protocol state machine based on state fusion, for the protocol state machine inference problems of unknown protocol, on the basis of existing message protocol form inference technologies, message sample architecture enhancing prefix trees transducer EPTT (ExtendedPrefixTreeTransducer) according to collection describes the input that protocol entity relates at conversation procedure, the abstract symbol string of outgoing message composition, and the feasibility by merging with the mutual decision state of the testability of protocol entity, ensure that the automation that state machine is inferred, improve the accuracy of inferred results.
For reaching above-mentioned purpose, the technical solution adopted in the present invention is as follows:
The automatic estimating method of protocol state machine based on state fusion, comprises the following steps:
(1) message format extracts and message classification: the concrete format information obtaining the relevant input of protocol entity program, outgoing message, and according to message format respectively to input, outgoing message classification, message sample identical for structure is classified as a class, with the classification information of abstract symbol presentation class;
(2) session is abstract builds with initial condition mechanism: the class categories represented based on abstract symbol, in units of session, carry out abstract to network service behavior, input and output sequence of message in conversation procedure is described as abstract input/output symbol string, and then according to session sample set, build the initial condition machine consistent with input/output symbol set of strings;
(3) based on the state fusion of outgoing message: merge candidate state according to similarity height, and generate test symbol string, again by the test of automation, the output that relatively protocol entity and the state machine after merging are made after receiving test symbol string responds, the feasibility that proofing state merges;
(4) above-mentioned steps (3) is repeated until no longer include the state meeting fusion conditions in state machine;
The abstract workflow in stage of building with initial condition mechanism of aforementioned session is as follows: the deduction of state machine builds based on session sample set, input, outgoing message in session are represented with the abstract symbol that its place classification is corresponding, thus the input and output sequence of message of complete session is converted into abstract input/output symbol string; On this basis, according to session sample set, adopt the formal construction initial condition machine strengthening prefix trees transducer EPTT, in initial condition machine, contain all input/output symbol strings as session sample;
The workflow in the aforementioned state fusion stage based on outgoing message is as follows: on the basis of initial condition machine, height according to similarity carries out state fusion to two similar state at every turn, the selection of similar state, based on BlueFringe algorithm, selects the highest two states of similarity as candidate state to be fused, whether the fusion of candidate state is feasible, judge according to the test character string generated, judge whether two candidate state can merge, wherein: test character string builds based on the string prefix and string postfix arriving two candidate state in reset condition machine, by intersecting the mode of splicing, arrival all string prefix of some candidate state and all string postfix of another one candidate state are spliced successively, the character string composition test string assemble generated, if it is determined that all output strings are all consistent with the protocol state machine after fusion, then think that state fusion is feasible, otherwise judge that state fusion is infeasible, test result is added session sample set and Extended Protocol state machine as new samples, and continues to attempt merging other states.
Further, in preceding method, when selecting candidate state to be fused in protocol state machine, based on BlueFringe algorithm, the public input of character string suffix of the basis protocol status of similarity, public input of character string suffix reflection protocol entity is when being in two different agreement states, State Transferring when receiving identical incoming message and export response condition, wherein: input of character string suffix refers to that protocol entity is from a certain protocol status, receive a series of incoming message, these incoming messages are represented as input of character string suffix in state machine, public input of character string suffix refers to that two different conditions receive identical a series of incoming messages, the calculating of similarity will consider the length of the public input of character string suffix of protocol status, and whether identical Output rusults is produced for protocol entity when receiving identical input, if two protocol statuss, the length of their public input of character string suffix is the longest, and having identical output for identical input, two such protocol statuss will preferentially be attempted merging.
Further, in preceding method, the process utilizing test string assemble to carry out state fusion and feasibility to judge, comprises the following steps: first foundation tests character string and known message protocol form, generates the incoming message sequence as test case; Incoming message sequence is sent to protocol entity program, obtains outgoing message sequence responsively; Carry out abstract to outgoing message sequence, be expressed as output character string sequence; Protocol state machine after merging for candidate state, the output symbol whether output character judging in output character string sequence is all present in protocol state machine corresponding states is concentrated: if all output strings all with merge after protocol state machine consistent, then think that state fusion is feasible, otherwise judge that state fusion is infeasible.
From the above technical solution of the present invention shows that, beneficial effect of the present invention is to be considered as by protocol system being with the state transition system exported, the inner link be conceived in protocol system between input and output message is implemented to merge to the state in protocol state machine, strengthen prefix trees transducer EPTT (ExtendedPrefixTreeTransducer) and describe by adopting the input that protocol entity relates at conversation procedure, the abstract symbol string of outgoing message composition, and the feasibility by merging with the mutual decision state of the testability of protocol entity, contribute to guaranteeing that the protocol state machine of structure and actual agreements system height coincide, ensure that the automation that state machine is inferred, improve the accuracy of inferred results, and the input amendment of auxiliary judgement is produced for candidate state automation to be fused, and then grasp protocol entity by the automatic operating of protocol entity program the output of input amendment is responded, avoid the artificial poor efficiency judged, improve accuracy and the whole efficiency of the reverse deduction of state machine.
Accompanying drawing explanation
Fig. 1 is the overall realization flow schematic diagram of automatic estimating method of the present invention.
Fig. 2 is the example building EPTT state machine in the present invention based on abstract characters string sequence.
Fig. 3 is to the example that candidate state merges in the present invention.
Embodiment
In order to more understand technology contents of the present invention, accompanying drawing is coordinated to be described as follows especially exemplified by specific embodiment.
As shown in Figure 1, according to preferred embodiment of the present invention, the automatic estimating method of the protocol state machine based on state fusion, comprises the following steps:
(1) message format extracts and message classification: collect input and output sequence of message first in a large number, and then adopt existing message format extracting method, the input that acquisition protocol entity program is correlated with, the concrete format information of outgoing message, on this basis, according to message format respectively to input, outgoing message classification, message sample identical for structure is classified as a class, with the classification information of abstract symbol presentation class;
(2) session is abstract builds with initial condition mechanism: on the basis of message classification, in units of session, carry out abstract to network service behavior, input and output sequence of message in conversation procedure is described as abstract input/output symbol string, and then according to session sample set, build the initial condition machine consistent with input/output symbol set of strings;
(3) based on the state fusion of outgoing message: merge candidate state according to similarity height, and generate test symbol string, again by the test of automation, the output that relatively protocol entity and the state machine after merging are made after receiving test symbol string responds, the feasibility that proofing state merges;
(4) above-mentioned steps (3) is repeated until no longer include the state meeting fusion conditions in state machine.
Wherein, the abstract workflow in stage of building with initial condition mechanism of aforementioned session is as follows: the deduction of state machine builds based on session sample set, input, outgoing message in session are represented with the abstract symbol that its place classification is corresponding, thus the input and output sequence of message of complete session is converted into abstract input/output symbol string; On this basis, according to session sample set, adopt the formal construction initial condition machine strengthening prefix trees transducer EPTT, in initial condition machine, contain all input/output symbol strings as session sample;
The workflow in the aforementioned state fusion stage based on outgoing message is as follows: on the basis of initial condition machine, height according to similarity carries out state fusion to two similar state at every turn, the selection of similar state, based on BlueFringe algorithm, selects the highest two states of similarity as candidate state to be fused, whether the fusion of candidate state is feasible, judge according to the test character string generated, judge whether two candidate state can merge, wherein: test character string builds based on the string prefix and string postfix arriving two candidate state in reset condition machine, by intersecting the mode of splicing, arrival all string prefix of some candidate state and all string postfix of another one candidate state are spliced successively, the character string composition test string assemble generated, if it is determined that all output strings are all consistent with the protocol state machine after fusion, then think that state fusion is feasible, otherwise judge that state fusion is infeasible, test result is added session sample set and Extended Protocol state machine as new samples, and continues to attempt merging other states.
With reference to the overall realization flow shown in figure 1 and shown in composition graphs 2,3, the automatic estimating method of protocol state machine of the present embodiment comprises message format and extracts and abstractly with message classification, session build with initial condition mechanism and based on state fusion three parts of outgoing message, illustrate respectively below concrete execution mode.
(1) message format extracts and message classification
The embodiment of the present invention collects the input and output sequence of message that the communication of protocol entity program network produces first in a large number, and adopts the message format extracting method of PI project (ProtocolInformationProject) to obtain the concrete format information of input and output message.On this basis, respectively incoming message and outgoing message are classified according to message format, if several message sample has identical message structure, then they are classified as a class.For each classification, unique Arabic numerals (as 1,2,3) are used to identify.
(2) session is abstract builds with initial condition mechanism
On the basis of message classification, in units of session, carry out abstract to network service behavior.
Session represents that the partial data carried out between communication participant exchanges, and can be reflected in the migration situation of protocol status in communication process.Procotol research field, has had the method for many ripe recognition network sessions.The service that upper layer application uses lower-layer protocols to provide.If based on the network application of Transmission Control Protocol, a session, often by the three-way handshake of Transmission Control Protocol, stops when TCP disconnecting; If based on the network application of udp protocol, a session is often by distinguishing the interval time communicated, if communicating pair stops the time of communication to exceed specific duration, then infers that a session completes.
In the process that session is abstract, adopt input and output message classification to replace concrete message information, and build character string sequence according to the sequential that message occurs.
Such as, certain session is represented as character string sequence (<1,2,5>, <1,3,6>), wherein <1,2,5> represents input character string sequence, and first incoming message that be meant to of the Arabic numerals 1 in this sequence belongs to incoming message classification 1, and second incoming message that be meant to of numeral 2 belongs to incoming message classification 2; <1,3,6> represent output character string sequence, and wherein first outgoing message that be meant to of numeral 1 belongs to outgoing message classification 1, and second outgoing message that be meant to of numeral 3 belongs to outgoing message classification 3, by that analogy.The implication of this session is protocol entity when to receive some classifications (incoming message classification) be the message of 1, outputs the message that some classifications (outgoing message classification) are 1, enters a new protocol status simultaneously; When being in new protocol status, protocol entity receives the message that some classifications (incoming message classification) are 2, outputs the message that some classifications (outgoing message classification) are 3, enters another one protocol status; At this protocol status, protocol entity receives again the message that some classifications (incoming message classification) are 5, outputs the message that some classifications (outgoing message classification) are 6, has again carried out State Transferring.
Input and output message sample is being conversated abstract, after being converted into character string sequence set, is starting to build initial protocol state machine.The present invention adopts the formal construction state machine strengthening prefix trees transducer EPTT, and it is advantageous that can the State-output information of accurate description protocol entity, and the protocol state machine that the band constructed exports and real network agreement situation are more pressed close to.
The protocol state machine of EPTT form is defined as 6 tuple (Q
e, I, O, δ
e, λ
e, q
λ), wherein Q
erepresent state set, I represents incoming symbol set, and O represents output symbol set, δ
erepresent state transition function, λ
erepresent output function, q
λrepresent initial protocol status.
During structure EPTT protocol state machine, successively session sample is added state machine.Fig. 2 is the example building EPTT state machine in the present invention based on abstract characters string sequence.For the character string sequence of a certain session, adopt the form of traversal, combine input character string sequence and output character string sequence analysis.Such as, for first session sample in Fig. 2, input character string sequence <1,2,5> and output character string sequence <1,3,6> will combine Synchronization Analysis, reflect the corresponding relation of input character and output character.
Based on input of character string sequence structure prefix sign string, traversed input character will be described in the process of traversal.Initial condition is set to state 0, and protocol state machine receives input by initial condition.Prefix sign string is set to λ when initial, represents that prefix sign string is empty at present.Character in input character string sequence adds prefix sign string successively.If the state that prefix sign string arrives does not have in previous status machine, then create a new state, with Arabic numerals unique identification.If corresponding state transitions information does not exist in previous status machine, then extended mode transfer function and output function; If comprised corresponding state transitions information in previous status machine, need to expand output information by judging whether further.
Such as, for first session sample in Fig. 2, first input character that ergodic process runs into is 1, forms prefix sign string λ 1, needs the protocol status that establishment one is new, with this state of numeral 1 mark.Extended mode transfer function (protocol entity, when the state 0 of being in, receives input character 1, transfers to state 1), and output function simultaneously (protocol entity, when the state 0 of being in, receives input character 1, produces output character 1).Second input character that ergodic process runs into is 2, form prefix sign string λ 12, create one with the new state of numeral 2 mark, (protocol entity is when the state 1 of being in for extended mode transfer function simultaneously, receive input character 2, transfer to state 2), and output function (protocol entity is when the state 1 of being in, receive input character 2, produce output character 3).For second session sample in Fig. 2, because the state transitions related to is identical with first session sample, therefore new state can not be produced.But according to second session sample, protocol entity receives input character 2 when the state 1 of being in, and the output character of generation is 4.This output information will extend in former protocol state machine, and namely protocol entity receives input character 2 when the state 1 of being in, and the output character of generation is under the jurisdiction of output character set { 3,4}.
After having traveled through all session samples, initial protocol state machine will be obtained.The construction method of initiation protocol state machine is directly added by all session samples, do not carry out any differentiation and examination, therefore, build the state machine result obtained and often contain a large amount of redundant states, need the method in addition abbreviation by merging similar state, the protocol state machine obtained just more has practical value.
(3) based on the state fusion of outgoing message
After having built initial condition machine, by the height according to similarity, attempt carrying out state fusion to the similar state in state machine.In the present embodiment, the selection of similar state is based on BlueFringe algorithm, but improves the computational methods of wherein similarity.Evaluate the similarity of two protocol statuss, the foundation of employing is public input of character string suffix.Input of character string suffix refers to protocol entity from a certain protocol status, receives a series of incoming message, and these incoming messages are represented as input of character string suffix in state machine." public " in public input of character string suffix is it is emphasised that two different agreement states receive identical a series of incoming messages.Public input of character string suffix can reflect that protocol entity is when being in two different agreement states, State Transferring when receiving identical incoming message and export response condition.When calculating similarity, the length of the public input of character string suffix of protocol status will be considered, and for the identical input received, whether protocol entity there is identical Output rusults.If two protocol statuss, the length of their public input of character string suffix is the longest, and has identical output for identical input, and two such protocol statuss will alternatively be attempted merging by state prior.
Whether two candidate state can merge, and need further to judge.Because protocol state machine builds based on training sample, and training sample is difficult to ensure comprehensively, and this makes to infer that the protocol state machine of generation and real protocol state machine may there are differences.Whether feasible in order to judge the fusion of two candidate state, need to generate test character string further targetedly to test, affirm by the performance of protocol entity program for test character string or negate the fusion of candidate state, thus ensureing that the protocol state machine result of deduction and real protocol state machine are identical.
With reference to figure 3, the state machine generation before test character string merges based on candidate state, Main Basis is string prefix and the string postfix of two candidate state in state machine.Arrival all string prefix of some candidate state and all string postfix of another one candidate state, by intersecting the mode of splicing, splice by the generation of test character string successively, the character string composition test string assemble of generation.Such as, for the state machine before state fusion in Fig. 3, the similarity of state 1 and state 3 is the highest, will preferentially attempt merging.When constructing test character string, known by analyzing, the string prefix set of state 1 is { <1>}, string prefix set { <1, the 7>} of state 3.Due to string prefix <1,7> contains <1>, in fusion process, suffix set { <7,2 of state 1 will be conceived to, 5, suffix set { <2,5, the 14>} of 14>} and state 3, the test string assemble generated comprises 2 element { <1,2,5,14>, <1,7,7,2,5,14>}.
Utilize test character string to carry out in the process of testing, first according to test character string and known message protocol form, test character string is instantiated as incoming message sequence.Incoming message sequence is sent to protocol entity program, obtains outgoing message sequence responsively.Carry out abstract to outgoing message sequence, be expressed as output character string sequence.Protocol state machine after merging for candidate state, judges the output character in output character string sequence, and the output symbol whether being all present in protocol state machine corresponding states is concentrated.If consistent all with state machine of all output strings, then think that state fusion is feasible, otherwise judge that state fusion is infeasible, test result is added sample set and Extended Protocol state machine as new samples, continue in state machine, select other candidate state to implement to merge.
The mixing operation of state will carry out repeatedly, until do not have the state that can merge in state machine.
From the above technical solution of the present invention shows that, the automatic estimating method of protocol state machine based on state fusion of the present invention, on the basis of existing message protocol form inference technologies, prefix trees transducer is strengthened according to the message sample architecture of collecting, by merging the similar state strengthened in prefix trees transducer, obtain the protocol state machine of simplifying.Adopt the method to need to obtain protocol entity program, and can run entity program as required, send specific sequence of message to it, and observe corresponding message and export, in this, as the basis that protocol state machine is inferred.
In sum, protocol system is considered as being with the state transition system exported by the automatic estimating method of the protocol state machine based on state fusion of the present invention, the inner link be conceived in protocol system between input and output message is implemented to merge to the state in protocol state machine, strengthen prefix trees transducer EPTT and describe by adopting the input that protocol entity relates at conversation procedure, the abstract symbol string of outgoing message composition, and the feasibility by merging with the mutual decision state of the testability of protocol entity, contribute to guaranteeing that the protocol state machine of structure and actual agreements system height coincide, ensure that the automation that state machine is inferred, improve the accuracy of inferred results, and the input amendment of auxiliary judgement is produced for candidate state automation to be fused, and then grasp protocol entity by the automatic operating of protocol entity program the output of input amendment is responded, avoid the artificial poor efficiency judged, improve accuracy and the whole efficiency of the reverse deduction of state machine.
Although the present invention with preferred embodiment disclose as above, so itself and be not used to limit the present invention.Persond having ordinary knowledge in the technical field of the present invention, without departing from the spirit and scope of the present invention, when being used for a variety of modifications and variations.Therefore, protection scope of the present invention is when being as the criterion depending on those as defined in claim.
Claims (3)
1., based on the automatic estimating method of protocol state machine of state fusion, it is characterized in that, comprise the following steps:
(1) message format extracts and message classification: the concrete format information obtaining the relevant input of protocol entity program, outgoing message, and according to message format respectively to input, outgoing message classification, message sample identical for structure is classified as a class, with the classification information of abstract symbol presentation class;
(2) session is abstract builds with initial condition mechanism: the class categories represented based on abstract symbol, in units of session, carry out abstract to network service behavior, input and output sequence of message in conversation procedure is described as abstract input/output symbol string, and then according to session sample set, build the initial condition machine consistent with input/output symbol set of strings;
(3) based on the state fusion of outgoing message: merge candidate state according to similarity height, and generate test symbol string, again by the test of automation, the output that relatively protocol entity and the state machine after merging are made after receiving test symbol string responds, the feasibility that proofing state merges;
(4) above-mentioned steps (3) is repeated until no longer include the state meeting fusion conditions in state machine;
The abstract workflow in stage of building with initial condition mechanism of aforementioned session is as follows: the deduction of state machine builds based on session sample set, input, outgoing message in session are represented with the abstract symbol that its place classification is corresponding, thus the input and output sequence of message of complete session is converted into abstract input/output symbol string; On this basis, according to session sample set, adopt the formal construction initial condition machine strengthening prefix trees transducer EPTT, in initial condition machine, contain all input/output symbol strings as session sample;
The workflow in the aforementioned state fusion stage based on outgoing message is as follows: on the basis of initial condition machine, height according to similarity carries out state fusion to two similar state at every turn, the selection of similar state, based on BlueFringe algorithm, selects the highest two states of similarity as candidate state to be fused, whether the fusion of candidate state is feasible, judge according to the test character string generated, judge whether two candidate state can merge, wherein: test character string builds based on the string prefix and string postfix arriving two candidate state in reset condition machine, by intersecting the mode of splicing, arrival all string prefix of some candidate state and all string postfix of another one candidate state are spliced successively, the character string composition test string assemble generated, if it is determined that all output strings are all consistent with the protocol state machine after fusion, then think that state fusion is feasible, otherwise judge that state fusion is infeasible, test result is added session sample set and Extended Protocol state machine as new samples, and continues to attempt merging other states.
2. method according to claim 1, it is characterized in that, in preceding method, when selecting candidate state to be fused in protocol state machine, based on BlueFringe algorithm, the public input of character string suffix of the basis protocol status of similarity, public input of character string suffix reflection protocol entity is when being in two different agreement states, State Transferring when receiving identical incoming message and export response condition, wherein: input of character string suffix refers to that protocol entity is from a certain protocol status, receive a series of incoming message, these incoming messages are represented as input of character string suffix in state machine, public input of character string suffix refers to that two different conditions receive identical a series of incoming messages, the calculating of similarity will consider the length of the public input of character string suffix of protocol status, and whether identical Output rusults is produced for protocol entity when receiving identical input, if two protocol statuss, the length of their public input of character string suffix is the longest, and having identical output for identical input, two such protocol statuss will preferentially be attempted merging.
3. method according to claim 1, it is characterized in that, in preceding method, the process utilizing test string assemble to carry out state fusion and feasibility to judge, comprise the following steps: first according to test character string and known message protocol form, generate the incoming message sequence as test case; Incoming message sequence is sent to protocol entity program, obtains outgoing message sequence responsively; Carry out abstract to outgoing message sequence, be expressed as output character string sequence; Protocol state machine after merging for candidate state, the output symbol whether output character judging in output character string sequence is all present in protocol state machine corresponding states is concentrated: if all output strings all with merge after protocol state machine consistent, then think that state fusion is feasible, otherwise judge that state fusion is infeasible.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310348136.7A CN103441990B (en) | 2013-08-09 | 2013-08-09 | The automatic estimating method of protocol state machine based on state fusion |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310348136.7A CN103441990B (en) | 2013-08-09 | 2013-08-09 | The automatic estimating method of protocol state machine based on state fusion |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103441990A CN103441990A (en) | 2013-12-11 |
| CN103441990B true CN103441990B (en) | 2016-03-30 |
Family
ID=49695655
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310348136.7A Active CN103441990B (en) | 2013-08-09 | 2013-08-09 | The automatic estimating method of protocol state machine based on state fusion |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103441990B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104767744B (en) * | 2015-03-25 | 2018-05-15 | 中国人民解放军理工大学 | Protocol state machine active estimating method based on protocol knowledge |
| CN110191019B (en) * | 2019-05-28 | 2021-05-28 | 北京百度网讯科技有限公司 | Vehicle CAN bus test method and device, computer equipment and storage medium |
| CN112039196A (en) * | 2020-04-22 | 2020-12-04 | 广东电网有限责任公司 | Power monitoring system private protocol analysis method based on protocol reverse engineering |
| CN112019403B (en) * | 2020-08-24 | 2021-10-01 | 杭州弈鸽科技有限责任公司 | Cross-platform automatic mining method and system for message protocol state machine of Internet of things |
| CN113852605B (en) * | 2021-08-29 | 2023-09-22 | 北京工业大学 | Protocol format automatic inference method and system based on relation reasoning |
| CN114172972B (en) * | 2021-11-11 | 2023-08-15 | 中国工程物理研究院计算机应用研究所 | Unknown protocol behavior reverse inference method based on optimized random converter model |
| CN115174441B (en) * | 2022-09-06 | 2022-12-13 | 中国汽车技术研究中心有限公司 | State machine based TCP fuzzy test method, equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6119187A (en) * | 1995-11-30 | 2000-09-12 | Excel Switching Corp. | Telecommunication system with universal API using generic messages having user functionality associated with predetermined functions, primitives and logical states for defining PPL component state machines |
| US6765881B1 (en) * | 2000-12-06 | 2004-07-20 | Covad Communications Group, Inc. | Virtual L2TP/VPN tunnel network and spanning tree-based method for discovery of L2TP/VPN tunnels and other layer-2 services |
| CN1741482A (en) * | 2005-09-27 | 2006-03-01 | 清华大学 | Protocol interoperation characteristic test generating method based on communication multi-port finite state machine |
| CN1937613A (en) * | 2005-10-14 | 2007-03-28 | 康佳集团股份有限公司 | Method for realizing real-time flow protocol control utilizing state machine |
| CN101068244A (en) * | 2007-06-07 | 2007-11-07 | 中兴通讯股份有限公司 | Metod for tracing protocol stack state machine switching |
| CN102404167A (en) * | 2011-11-03 | 2012-04-04 | 清华大学 | Protocol test generating method of parallel expansion finite-state machine based on variable dependence |
-
2013
- 2013-08-09 CN CN201310348136.7A patent/CN103441990B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6119187A (en) * | 1995-11-30 | 2000-09-12 | Excel Switching Corp. | Telecommunication system with universal API using generic messages having user functionality associated with predetermined functions, primitives and logical states for defining PPL component state machines |
| US6765881B1 (en) * | 2000-12-06 | 2004-07-20 | Covad Communications Group, Inc. | Virtual L2TP/VPN tunnel network and spanning tree-based method for discovery of L2TP/VPN tunnels and other layer-2 services |
| CN1741482A (en) * | 2005-09-27 | 2006-03-01 | 清华大学 | Protocol interoperation characteristic test generating method based on communication multi-port finite state machine |
| CN1937613A (en) * | 2005-10-14 | 2007-03-28 | 康佳集团股份有限公司 | Method for realizing real-time flow protocol control utilizing state machine |
| CN101068244A (en) * | 2007-06-07 | 2007-11-07 | 中兴通讯股份有限公司 | Metod for tracing protocol stack state machine switching |
| CN102404167A (en) * | 2011-11-03 | 2012-04-04 | 清华大学 | Protocol test generating method of parallel expansion finite-state machine based on variable dependence |
Non-Patent Citations (1)
| Title |
|---|
| 一种逆向分析协议状态机模型的有效方法;田园,等;《计算机工程与应用》;20110701;第47卷(第19期);第63-67页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103441990A (en) | 2013-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103441990B (en) | The automatic estimating method of protocol state machine based on state fusion | |
| CN106817363B (en) | Intelligent ammeter abnormity detection method based on neural network | |
| WO2020037918A1 (en) | Risk control strategy determining method based on predictive model, and related device | |
| CN102045363B (en) | Establishment, identification control method and device for network flow characteristic identification rule | |
| CN102315974B (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
| Cavalli et al. | New approaches for passive testing using an extended finite state machine specification | |
| CN103870381B (en) | A kind of test data generating method and device | |
| CN104584483B (en) | Method and apparatus for automatically determining the reason for service quality degrades | |
| CN109613899A (en) | A method of the industrial control system security risk assessment based on allocation list | |
| CN112800428B (en) | Method and device for judging safety state of terminal equipment | |
| CN104468262A (en) | Network protocol recognition method and system based on semantic sensitivity | |
| CN103716198A (en) | Data network quality automatic dial testing method and system | |
| CN105302885A (en) | Full-text data extraction method and device | |
| CN107040429A (en) | A kind of method of testing and system of port forwarding performance | |
| CN111092775A (en) | Network protocol security test evaluation method based on model learning | |
| CN101674205B (en) | Method and device for generating network communication protocol test sequence based on finite-state machine | |
| CN110674503B (en) | Intelligent contract endless loop detection method based on graph convolution neural network | |
| CN104767744A (en) | Protocol state machine active inference method based on protocol knowledge | |
| CN105871620B (en) | A kind of quick detection recognition method of cyberspace industrial control equipment | |
| CN101764754A (en) | Sample acquiring method in business identifying system based on DPI and DFI | |
| US20230070173A1 (en) | Cloud-end collaborative system and method for load identification | |
| CN110457897A (en) | A kind of database security detection method based on communication protocol and SQL syntax | |
| CN113347060B (en) | Method, device and system for detecting power network fault based on process automation | |
| CN112579436B (en) | Micro-service software architecture identification and measurement method | |
| CN111008872B (en) | User portrait construction method and system suitable for Ether house |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |