Protocol Reverse Engineering(PRE)is of great practical importance in Internet security-related fields such as intrusion detection,vulnerability mining,and protocol fuzzing.For unknown binary protocols having fixed-len...Protocol Reverse Engineering(PRE)is of great practical importance in Internet security-related fields such as intrusion detection,vulnerability mining,and protocol fuzzing.For unknown binary protocols having fixed-length fields,and the accurate identification of field boundaries has a great impact on the subsequent analysis and final performance.Hence,this paper proposes a new protocol segmentation method based on Information-theoretic statistical analysis for binary protocols by formulating the field segmentation of unsupervised binary protocols as a probabilistic inference problem and modeling its uncertainty.Specifically,we design four related constructions between entropy changes and protocol field segmentation,introduce random variables,and construct joint probability distributions with traffic sample observations.Probabilistic inference is then performed to identify the possible protocol segmentation points.Extensive trials on nine common public and industrial control protocols show that the proposed method yields higher-quality protocol segmentation results.展开更多
Probabilistic programming is a powerful means for formally specifying machine learning models.The inference engine of a probabilistic programming environment can be used for serving complex queries on these models.Mos...Probabilistic programming is a powerful means for formally specifying machine learning models.The inference engine of a probabilistic programming environment can be used for serving complex queries on these models.Most of the current research in probabilistic programming is dedicated to the design and implementation of highly efficient inference engines.Much less research aims at making the power of these inference engines accessible to non-expert users.Probabilistic programming means writing code.Yet many potential users from promising application areas such as the social sciences lack programming skills.This prompted recent efforts in synthesizing probabilistic programs directly from data.However,working with synthesized programs still requires the user to read,understand,and write some code,for instance,when invoking the inference engine for answering queries.Here,we present an interactive visual approach to synthesizing and querying probabilistic programs that does not require the user to read or write code.展开更多
文摘Protocol Reverse Engineering(PRE)is of great practical importance in Internet security-related fields such as intrusion detection,vulnerability mining,and protocol fuzzing.For unknown binary protocols having fixed-length fields,and the accurate identification of field boundaries has a great impact on the subsequent analysis and final performance.Hence,this paper proposes a new protocol segmentation method based on Information-theoretic statistical analysis for binary protocols by formulating the field segmentation of unsupervised binary protocols as a probabilistic inference problem and modeling its uncertainty.Specifically,we design four related constructions between entropy changes and protocol field segmentation,introduce random variables,and construct joint probability distributions with traffic sample observations.Probabilistic inference is then performed to identify the possible protocol segmentation points.Extensive trials on nine common public and industrial control protocols show that the proposed method yields higher-quality protocol segmentation results.
基金This work was supported by the Carl Zeiss Foundation,Germany within the projects"Interactive Inference"and"A virtual Werkstatt for digitization in the sciences",and by the Ministry for Economics,Sciences and Digital Society of Thuringia(TMWWDG),Germany under the framework of the Landesprogramm ProDigital(DigLeben-5575/10-9).
文摘Probabilistic programming is a powerful means for formally specifying machine learning models.The inference engine of a probabilistic programming environment can be used for serving complex queries on these models.Most of the current research in probabilistic programming is dedicated to the design and implementation of highly efficient inference engines.Much less research aims at making the power of these inference engines accessible to non-expert users.Probabilistic programming means writing code.Yet many potential users from promising application areas such as the social sciences lack programming skills.This prompted recent efforts in synthesizing probabilistic programs directly from data.However,working with synthesized programs still requires the user to read,understand,and write some code,for instance,when invoking the inference engine for answering queries.Here,we present an interactive visual approach to synthesizing and querying probabilistic programs that does not require the user to read or write code.
