Conference papers

PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces

Abstract : Protocol reverse engineering is the process of extracting application-level protocol specifications. The specifications are a useful source of knowledge about network protocols and can be used for various purposes. Despite the successful results of prior works, their methods primarily result in the inference of a limited number of message types. We herein propose a novel approach that infers a minimized state machine while having a rich amount of information. The combined input of tokens extracted from the network protocol binary executables and network traces enables the inference of new message types and protocol behaviors which had not been found in previous works. In addition, we propose a state minimization algorithm that can be applied to real-time black-box inference. The experimental results show that our approach can infer the largest number of message types for file-transfer protocol (FTP) and simple mail-transfer protocol (SMTP) compared to eight prior arts. Moreover, we found unexpected behaviors in two protocol implementations using the inferred state machines.
Document type :
Conference papers

Cited literature [30 references]

https://hal.inria.fr/hal-02023719
Contributor : Hal Ifip
Submitted on : Thursday, February 21, 2019 - 3:09:25 PM
Last modification on : Thursday, February 21, 2019 - 3:16:06 PM
Long-term archiving on : Wednesday, May 22, 2019 - 8:36:16 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2021-01-01

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Choongin Lee, Jeonghan Bae, Heejo Lee. PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces. 33rd IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.141-155, ⟨10.1007/978-3-319-99828-2_11⟩. ⟨hal-02023719⟩
