State of the art of network protocol reverse engineering tools

Julien Duchene (1, 2), Colas Le Guernic (3, 1), Eric Alata (2), Vincent Nicomette (2), Mohamed Kaâniche (2)
2 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes [Toulouse]
3 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique, IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract: Communication protocols enable structured information exchanges between different entities. A description of a protocol, at different levels of detail, is necessary for many applications, such as interoperability or security audits. When such a description is not available, one can resort to protocol reverse engineering to infer the format of exchanged messages or a model of the protocol. During the past 12 years, several tools have been developed in order to automate, entirely or partially, the protocol inference process. Each of those tools has been developed with a specific application goal for the inferred model, leading to specific needs, and thus different strengths and limitations. After identifying key challenges, the paper presents a survey of protocol reverse engineering tools developed in the last decade. We consider tools focusing on the inference of the format of individual messages or of the grammar of sequences of messages. Finally, we propose a classification of these tools according to different criteria, aimed at providing relevant insights into the techniques used by each tool, in comparison with the other tools, for the classification of messages, the inference of their format, or the inference of the grammar of the protocol. This classification also makes it possible to identify technical areas that have not been sufficiently explored so far and that require further development in the future.
Document type:
Journal article
Journal of Computer Virology and Hacking Techniques, Springer, 2018, 14 (1), pp.53-68. 〈10.1007/s11416-016-0289-8〉

Cited literature: 40 references

https://hal.inria.fr/hal-01496958
Contributor: Colas Le Guernic
Submitted on: Tuesday, 11 April 2017 - 09:56:23
Last modified on: Friday, 16 November 2018 - 16:06:01
Document(s) archived on: Wednesday, 12 July 2017 - 12:18:21

File

jicv_SoA_ProtRE.pdf
Files produced by the author(s)

Citation

Julien Duchene, Colas Le Guernic, Eric Alata, Vincent Nicomette, Mohamed Kaâniche. State of the art of network protocol reverse engineering tools. Journal of Computer Virology and Hacking Techniques, Springer, 2018, 14 (1), pp.53-68. 〈10.1007/s11416-016-0289-8〉. 〈hal-01496958〉

Metrics

Record views: 970

File downloads: 2290