Binary Network Protocol Reverse Method Based on Deep Learning
With the rapid development of modern network technology, new network applications keep emerging and large numbers of unknown protocols fill the network environment, so network security problems occur more and more frequently. Protocol reverse engineering automatically recovers the format information of unknown protocols; applying that information to network security technologies can greatly strengthen the security of the network environment. Traditional network protocol reverse engineering methods focus only on protocol structure identification and protocol field division and do not consider the semantic information of fields. To address this, the paper proposes a deep learning method that learns the characteristics of different types of fields and implements a field classification model, which determines the type of each field of an unknown protocol; pre-training the model facilitates semantic analysis in the protocol format inference stage. In the protocol format extraction stage, to separate fields of different types accurately, the paper combines the field classification model with three proposed components: a correction algorithm for inter-field correlation scores within a single trace (session), a correction algorithm for field sequence stability across multiple traces (sessions), and a scoring function based on field type and length. Together these achieve field segmentation of unknown protocols with minimal impact. Experimental results show that the method identifies protocol fields and their types accurately and quickly.
Shi Jinqiao (时金桥), Liu Junjie (刘俊杰)
Communications; Wireless communications
deep learning; protocol reverse engineering; protocol format extraction; field segmentation
Shi Jinqiao, Liu Junjie. Binary Network Protocol Reverse Method Based on Deep Learning [EB/OL]. (2023-04-04) [2025-08-02]. http://www.paper.edu.cn/releasepaper/content/202304-25