Extracting Information from Unknown Protocols On CampusNet

As information security has become a growing concern on our campus network, it is often highly useful to extract information from network traces for tasks such as recognizing malware variants, detecting intrusions, and normalizing traffic. Traditionally, this extraction depends on the protocol specification. However, there is often neither sufficient documentation nor enough time to write a parser for the protocol in question. We present Catcher, a system for semiautomatically extracting information from unknown protocols. The key novelty of our work is that we locate the information of interest and pick it out directly. Catcher requires no knowledge of any protocol; it automatically parses the packets it is given. In a subsequent step, if packets of the same type appear, it recognizes them and extracts information from them. To test the effectiveness of our tool, we use Catcher to extract information from HTTP and DNS traffic (with no predefinitions of these protocols), as well as from chat applications such as MSN. The results show that Catcher can extract information from unknown protocols effectively.
Keywords: Information Extraction; Message Format; Dynamic Field
Zhuanghui Yu, Yongzhong Huang, Shaozhong Guo, Bei Zhou, Hua Ren
Information Engineering University of PLA, Zhengzhou, P. R. China; PLA University of Foreign Languages, Luoyang, P. R. China
International conference
Kunming
English
2007-11-23 (date the paper was first put online on the Wanfang platform; not the paper's publication date)