Skip to Main content Skip to Navigation
Journal articles

State of the art of network protocol reverse engineering tools

Abstract : Communication protocols enable structured information exchanges between different entities. A description, at different levels of detail, is necessary for many applications, such as interoperability or security audits. When such a description is not available, one can resort to protocol reverse engineering to infer the format of exchanged messages or a model of the protocol. During the past 12 years, several tools have been developed in order to automate, entirely or partially, the protocol inference process. Each of those tools has been developed with a specific application goal for the inferred model, leading to specific needs, and thus different strengths and limitations. After identifying key challenges, the paper presents a survey of protocol reverse engineering tools developed in the last decade. We consider tools focusing on the inference of the format of individual messages or of the grammar of sequences of messages. Finally, we propose a classification of these tools according to different criteria, that is aimed at providing relevant insights about the techniques used by each of these tools and comparatively to other tools, for the classification of messages, the inference of their format or of the grammar of the protocol. This classification also permits to identify technical areas that are not sufficiently explored so far and that require further development in the future.
Complete list of metadata

Cited literature [40 references]  Display  Hide  Download
Contributor : Colas Le Guernic <>
Submitted on : Tuesday, April 11, 2017 - 9:56:23 AM
Last modification on : Thursday, June 10, 2021 - 3:45:08 AM
Long-term archiving on: : Wednesday, July 12, 2017 - 12:18:21 PM


Files produced by the author(s)



Julien Duchene, Colas Le Guernic, Eric Alata, Vincent Nicomette, Mohamed Kaâniche. State of the art of network protocol reverse engineering tools. Journal of Computer Virology and Hacking Techniques, Springer, 2018, 14 (1), pp.53-68. ⟨10.1007/s11416-016-0289-8⟩. ⟨hal-01496958⟩



Record views


Files downloads