Reverse Engineering Of UAV Communication Protocol Based On Network Trace

The drone industry is growing rapidly,and a large number of unlicensed drones pose challenges for public security and national security.While the relevant departments are in the process of establishing relevant laws and regulations to supervise them,it is necessary to use technical means to restrict unmanned flying aircraft.Through the reverse-engineering of the UAV communication protocol can provide technical support for the drone control of unauthorized flight.At present,there are the following difficulties in the reverse of the UAV communication protocol:1.The amount of binary communication data generated during the UAV communication process is large and varied,how to cluster them is a difficult problem;2.How to extract the protocol format from the binary communication protocol data without any reference semantics is difficult;3.Since the drone communication protocol belongs to the private protocol without the protocol specification,verifing the result of protocol reverse is difficult.In view of the above problems,this paper conducts an in-depth study on the reverse of the UAV communication protocol based on network data flow.main tasks as follows:For the data clustering problem of UAV communication protocol,this paper designs a feature extraction method based on n-gram and another feature extraction method based on information entropy.In this paper,the information entropy of n-gram participles under n values is calculated according to the n-gram model,and the feature words are extracted according to information entropy.In the vectorization of data series,the weighted word frequency statistics based on TF-IDF are proposed.this paper extends the information entropy and proposes a data sequence vectorization method based on extended information entropy.For the flight control data recognition,a flight control data recognition method based on abnormal traffic detection is proposed.The Needleman-Wunsch algorithm of the double-sequence alignment algorithm is only used to calculate the editing distance between sequences,so it's not adapt in the reverseengineering of protocol.This paper designs a new scoring function of the Needleman-Wunsch algorithm.The new algorithm can focus on the inner feature of protocol without increasing the space-time complexity of the algorithm.By analyzing the asymptotic multi-sequence alignment algorithm for noise anomaly defects,this paper designs a progressive multisequence alignment algorithm based on position weights,which can eliminate the anomaly.This paper designs and implements the reverse prototype system of UAV communication protocol,and divides the system into data capture module,data preprocessing module,feature extraction module,clustering module,flight control data identification module and flight control protocol format extraction module.By using the UAV communication protocol reverse prototype system designed in this paper,the communication data of the drone in the real network environment is tested experimentally,and the key feature extraction,cluster analysis and flight control protocol identification are verified.Based on the protocol inverse of a kind of drone,this paper analyzes the defects of its communication layer and protocol layer.The UDP protocol is used to transmit plaintext data on the communication layer.The identity authentication depends on the MAC address and IP address.On the protocol layer The flight control data sequence number space is too small to be traversed by enumeration.Based on the above defect analysis,this paper designs a hijacking experiment based on identity forgery and instruction injection to verify the feasibility of this protocol reverse scheme.