摘要:
Application-layer payload signature is widely used and has high recognition rate,while its extraction is always dependent on manual analysis.To automatically extract the application-layer payload signature,a method based on program invariants is proposed.With program instrument technology,the program process in dealing with network packets is tracked and program status set generated and updated,and from this the program invariants are detected.Combined with taint analysis,the relationship between the invariants and packet fields is confirmed and fingerprints are revealed.This method is of high efficiency and accuracy,with no need to analyze the protocol specification.
展开