TY - GEN
T1 - Reverse engineering of protocols from network traces
AU - Antunes, João
AU - Neves, Nuno
AU - Verissimo, Paulo
N1 - Generated from Scopus record by KAUST IRTS on 2021-03-16
PY - 2011/12/19
Y1 - 2011/12/19
N2 - Communication protocols determine how network components interact with each other. Therefore, the ability to derive a specification of a protocol can be useful in various contexts, such as to support deeper black-box testing or effective defense mechanisms. Unfortunately, it is often hard to obtain the specification because systems implement closed (i.e., undocumented) protocols, or because a time consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we propose a new methodology to automatically infer a specification of a protocol from network traces, which generates automata for the protocol language and state machine. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. The approach was implemented in a tool and experimentally evaluated with publicly available FTP traces. Our results show that the inferred specification is a good approximation of the reference specification, exhibiting a high level of precision and recall. © 2011 IEEE.
AB - Communication protocols determine how network components interact with each other. Therefore, the ability to derive a specification of a protocol can be useful in various contexts, such as to support deeper black-box testing or effective defense mechanisms. Unfortunately, it is often hard to obtain the specification because systems implement closed (i.e., undocumented) protocols, or because a time consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we propose a new methodology to automatically infer a specification of a protocol from network traces, which generates automata for the protocol language and state machine. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. The approach was implemented in a tool and experimentally evaluated with publicly available FTP traces. Our results show that the inferred specification is a good approximation of the reference specification, exhibiting a high level of precision and recall. © 2011 IEEE.
UR - http://ieeexplore.ieee.org/document/6079839/
UR - http://www.scopus.com/inward/record.url?scp=83455205898&partnerID=8YFLogxK
U2 - 10.1109/WCRE.2011.28
DO - 10.1109/WCRE.2011.28
M3 - Conference contribution
SN - 9780769545820
SP - 169
EP - 178
BT - Proceedings - Working Conference on Reverse Engineering, WCRE
ER -