| HAL-Inria | Publications, software ... of Inria's scientists |
Conference papers
PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces
Abstract : Protocol reverse engineering is the process of extracting application-level protocol specifications. The specifications are a useful source of knowledge about network protocols and can be used for various purposes. Despite the successful results of prior works, their methods primarily result in the inference of a limited number of message types. We herein propose a novel approach that infers a minimized state machine while having a rich amount of information. The combined input of tokens extracted from the network protocol binary executables and network traces enables the inference of new message types and protocol behaviors which had not been found in previous works. In addition, we propose a state minimization algorithm that can be applied to real-time black-box inference. The experimental results show that our approach can infer the largest number of message types for file-transfer protocol (FTP) and simple mail-transfer protocol (SMTP) compared to eight prior arts. Moreover, we found unexpected behaviors in two protocol implementations using the inferred state machines.
Cited literature [30 references]
https://hal.inria.fr/hal-02023719
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, February 21, 2019 - 3:09:25 PM
Last modification on : Thursday, February 21, 2019 - 3:16:06 PM
Long-term archiving on: : Wednesday, May 22, 2019 - 8:36:16 PM
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, February 21, 2019 - 3:09:25 PM
Last modification on : Thursday, February 21, 2019 - 3:16:06 PM
Long-term archiving on: : Wednesday, May 22, 2019 - 8:36:16 PM
File
472722_1_En_11_Chapter.pdf
Files produced by the author(s)
Licence
Distributed under a Creative Commons Attribution 4.0 International License