Deep Learning-Based Reverse Method of Binary Protocol

With the growth of network equipment, the security of network access environment becomes particularly important. Many network security technologies, such as vulnerability mining, fuzzy testing and intrusion detection, have attracted more and more attention. However, the effectiveness of these security technologies will be greatly reduced in the face of unknown protocols. By automatically extracting the format information of unknown protocols through the protocol reverse technology, the processing capability of the above security technologies in the face of unknown protocols can be enhanced. In this paper, by analyzing the changing characteristics of protocol fields, a field sequence coding method is proposed, which is suitable for reflecting the field sequence characteristics of different protocols and can improve the generalization ability of the model. Using the above field sequence coding method, a field classification model for unknown protocols is implemented based on the LSTM-FCN network, which is widely used in time series classification tasks. Finally, a binary protocol reverse method based on deep learning is proposed. The method is based on the field classification model and realizes the division and type identification of unknown protocol fields according to the classification results. In the experiment, the field classification model has high accuracy and recall in different protocols, which shows that the model has the ability to identify the field type according to the changing characteristics of the field. The proposed protocol reverse method also accurately and quickly identifies the field and its type, proving the reverse ability of the method to unknown binary protocols.