Prett: Protocol reverse engineering using binary tokens and network traces

Choongin Lee, Jeonghan Bae, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Protocol reverse engineering is the process of extracting application-level protocol specifications. These specifications are a useful source of knowledge about network protocols and can be used for various purposes. Despite the successful results of prior work, existing methods infer only a limited number of message types. We propose a novel approach that infers a minimized state machine while still retaining a rich amount of information. Combining two inputs, tokens extracted from the protocol implementation's binary executables and network traces, enables the inference of message types and protocol behaviors that previous work had not found. In addition, we propose a state minimization algorithm that can be applied to real-time black-box inference. Our experimental results show that, compared with eight prior approaches, our method infers the largest number of message types for the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Moreover, using the inferred state machines we found unexpected behaviors in two protocol implementations.
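The idea the abstract describes, crossing tokens mined from a server binary with message sequences from captured traces and then minimizing the resulting state machine, as an added self-contained sketch in Python. This is example code written for this page, not the authors' Prett implementation or their algorithm: the byte string standing in for a binary's read-only data, the three FTP sessions, the token-classification heuristics (3-4 upper-case letters for commands, three leading digits for reply codes) and the Moore-style partition refinement used for minimization are all assumptions chosen for illustration, and the whole thing runs offline rather than against a live black-box implementation.

```python
import re
from collections import defaultdict

# Constructed stand-in for a server binary's read-only data (NUL-separated
# strings as in an ELF .rodata section) plus header bytes and linker noise.
FAKE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00/lib64/ld-linux-x86-64.so.2\x00GCC: (GNU) 9.3.0\x00"
    b"USER\x00PASS\x00QUIT\x00LIST\x00STAT\x00"
    b"220 Service ready\x00331 Password required\x00230 Login successful\x00"
    b"530 Not logged in\x00150 Opening data connection\x00226 Transfer complete\x00"
    b"221 Goodbye\x00211 Status\x00"
)

# Constructed traces: one list per TCP session, (direction, line) per message,
# "C" = client to server, "S" = server to client.  Session 2 carries NOOP/200,
# for which the fake binary has no string (think: reply text built at run time).
SESSIONS = [
    [("S", "220 Service ready"), ("C", "USER alice"), ("S", "331 Password required"),
     ("C", "PASS s3cret"), ("S", "230 Login successful"), ("C", "QUIT"), ("S", "221 Goodbye")],
    [("S", "220 Service ready"), ("C", "USER bob"), ("S", "331 Password required"),
     ("C", "PASS wrong"), ("S", "530 Not logged in"), ("C", "NOOP"), ("S", "200 NOOP ok"),
     ("C", "QUIT"), ("S", "221 Goodbye")],
    [("S", "220 Service ready"), ("C", "USER alice"), ("S", "331 Password required"),
     ("C", "PASS s3cret"), ("S", "230 Login successful"), ("C", "LIST"),
     ("S", "150 Opening data connection"), ("S", "226 Transfer complete"),
     ("C", "QUIT"), ("S", "221 Goodbye")],
]


def binary_tokens(blob):
    """Mimic `strings`, then classify runs as command or reply-code tokens.
    The 3-4 upper-case-letter rule is an assumption tuned to FTP-like protocols
    and deliberately lets the ELF header run "ELF" through as a false positive."""
    commands, replies = set(), set()
    for run in re.findall(rb"[\x20-\x7e]{3,}", blob):
        text = run.decode("ascii")
        if re.fullmatch(r"[A-Z]{3,4}", text):
            commands.add(text)
        elif re.match(r"\d{3} ", text):
            replies.add(text[:3])
    return commands, replies


def label(direction, line, commands, replies):
    """Message type for one trace line, or None if no binary token matches."""
    head = line.split(None, 1)[0]
    if direction == "C" and head.upper() in commands:
        return "C:" + head.upper()
    if direction == "S" and head in replies:
        return "S:" + head
    return None


def build_pta(sequences):
    """Prefix-tree acceptor over labelled sessions: one path per session with
    shared prefixes; the state reached at session end is accepting."""
    trans, accepting, nstates = defaultdict(dict), set(), 1
    for seq in sequences:
        s = 0
        for sym in seq:
            if sym not in trans[s]:
                trans[s][sym] = nstates
                nstates += 1
            s = trans[s][sym]
        accepting.add(s)
    return nstates, dict(trans), accepting


def minimize(nstates, trans, accepting):
    """Moore-style partition refinement.  A missing transition is treated as
    going to an implicit dead state, so two states merge only when their whole
    future behaviour (suffix language) is identical."""
    block = {s: int(s in accepting) for s in range(nstates)}
    while True:
        sig = {s: (block[s], tuple(sorted((a, block[t]) for a, t in trans.get(s, {}).items())))
               for s in range(nstates)}
        ids = {}
        refined = {s: ids.setdefault(sig[s], len(ids)) for s in range(nstates)}
        done = len(ids) == len(set(block.values()))  # no block was split
        block = refined
        if done:
            break
    q_trans = defaultdict(dict)
    for s, edges in trans.items():
        for a, t in edges.items():
            q_trans[block[s]][a] = block[t]
    return len(ids), dict(q_trans), {block[s] for s in accepting}


def analyse(blob, sessions):
    """Cross the two sources: label traces with binary tokens, report what each
    source contributes on its own, then build and minimize the state machine."""
    commands, replies = binary_tokens(blob)
    sequences, seen = [], set()
    for session in sessions:
        seq = []
        for direction, line in session:
            sym = label(direction, line, commands, replies)
            if sym is None:  # trace-only message: keep it, flag it with '?'
                sym = f"{direction}:?{line.split(None, 1)[0]}"
            seen.add(sym)
            seq.append(sym)
        sequences.append(seq)
    from_binary = {"C:" + c for c in commands} | {"S:" + r for r in replies}
    n, pta, acc = build_pta(sequences)
    m, q_trans, q_acc = minimize(n, pta, acc)
    return {"binary_only": sorted(from_binary - seen),  # candidates to probe live
            "trace_only": sorted(s for s in seen if ":?" in s),
            "pta_states": n, "pta_trans": pta,
            "min_states": m, "min_trans": q_trans, "min_accepting": q_acc}


def run_example():
    return analyse(FAKE_BINARY, SESSIONS)
```

Running `run_example()` on the constructed input yields three groups of message types: those matched in both sources (USER, PASS, QUIT, LIST and the 2xx/3xx/5xx replies seen in the sessions), binary-only candidates (STAT and 211, plus the false positive ELF from the file header) that no trace exercised and that a black-box inference step would send to the live server to learn their transitions, and trace-only messages (NOOP, 200) for which the binary holds no string. The prefix tree has 18 states; minimization merges the three QUIT/221 tails into one, leaving 13. The binary-only list is a list of candidates, not confirmed types: cross-checking against traces or the live implementation is what removes header and linker noise.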

Original language: English
Title of host publication: ICT Systems Security and Privacy Protection - 33rd IFIP TC 11 International Conference, SEC 2018, Held at the 24th IFIP World Computer Congress, WCC 2018, Proceedings
Editors: Lech Jan Janczewski, Mirosław Kutyłowski
Publisher: Springer
Pages: 141-155
Number of pages: 15
ISBN (Print): 9783319998275
Publication status: Published - 2018

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 529
ISSN (Print): 1868-4238
ISSN (Electronic): 1868-422X

Keywords

  • Automatic protocol analysis
  • Protocol reverse engineering
  • State machine reconstruction

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management
