A survey of communication protocol testing
Journal of Systems and Software
Grammatical Inference in Bioinformatics
IEEE Transactions on Pattern Analysis and Machine Intelligence
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
A Reverse Engineering Tool for Extracting Protocols of Networked Applications
WCRE '07 Proceedings of the 14th Working Conference on Reverse Engineering
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Network protocol interoperability testing based on contextual signatures and passive testing
Proceedings of the 2009 ACM symposium on Applied Computing
Automatic steering of behavioral model inference
Proceedings of the the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Prospex: Protocol Specification Extraction
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
On the Synthesis of Finite-State Machines from Samples of Their Behavior
IEEE Transactions on Computers
A passive testing approach based on invariants: application to the WAP
Computer Networks: The International Journal of Computer and Telecommunications Networking
Traffic to protocol reverse engineering
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Vulnerability Discovery with Attack Injection
IEEE Transactions on Software Engineering
Grammatical Inference: Learning Automata and Grammars
Grammatical Inference: Learning Automata and Grammars
| Hi-index | 0.01 |
Network servers can be tested for correctness by resorting to a specification of the implemented protocol. However, producing a protocol specification can be a time consuming task. In addition, protocols are constantly evolving with new functionality and message formats that render the previously defined specifications incomplete or deprecated. This paper presents a methodology to automatically complement an existing specification with extensions to the protocol by analyzing the contents of the messages in network traces. The approach can be used on top of existing protocol reverse engineering techniques allowing it to be applied to both open and closed protocols. This approach also has the advantage of capturing unpublished or undocumented features automatically, thus obtaining a more complete and realistic specification of the implemented protocol. The proposed solution was evaluated with a prototype tool that was able to complement an IETF protocol (FTP) specification with several extensions extracted from traffic data collected in 320 public servers.