
Reverse Analysis Of Software Network Communication Process Based On Dynamic Binary Platform

Posted on: 2013-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: J Sun
Full Text: PDF
GTID: 2248330395480587
Subject: Computer application technology
Abstract/Summary:
Reverse analysis of a software's network communication process has important application value in many fields, such as intrusion detection, Trojan detection, protocol reverse analysis and network covert channel detection. It is therefore of great significance to research it further.

This thesis first proposes a technique for reverse analysis of the software network communication process based on a dynamic binary platform. The dynamic binary platform simulates the execution of the network application program, and during execution the target program is instrumented dynamically to record the execution trace accurately. By analyzing the program's execution traces, information about the software network communication process is obtained, such as thread creation relationships, thread synchronization relationships, the association among socket manipulation functions, and the socket I/O model. The thesis studies the methods and characteristics of thread creation and then designs a way to obtain the creation relationships among threads. It studies the mechanism of thread synchronization and proposes a method to obtain it. It examines the association among socket manipulation APIs, collects the associated socket manipulation functions, and then analyzes communication information such as the target IP, target port, communication protocol and transmitted data. It studies socket I/O models, analyzes the characteristics and unique functions of each I/O model, and then proposes an automata-based method to identify the socket I/O model.

Secondly, the thesis studies visualization techniques, puts forward the requirements and goals of visualization according to the particular characteristics of the information to be visualized, and designs the visualization graphics and algorithm. Finally, the information about the software network communication process, including thread creation relationships, thread synchronization, and the association analysis results of socket manipulation functions, is shown to the user in the form of pictures.

Then, a method for analyzing software network communication behavior is proposed. After that, network data is captured and the data of TCP and UDP packets is extracted. Finally, methods are put forward for analyzing the correlation of software network communication behavior with TCP packets and UDP packets.

Finally, the thesis designs and implements a reverse analysis system for the network communication process on a dynamic binary platform, then tests and analyzes its functions, including identifying the socket I/O model, visualizing the software's network communication process, analyzing software network communication behavior, and analyzing the correlation of network communication behavior with network data. The results show that the system can analyze the network communication process of software correctly and effectively.
Keywords/Search Tags:Dynamic Binary Platform, Software Network, Communication, Visualization, Correlation Analysis, Socket I/O Model