Reverse extraction of protocol model from network applications

Authors:
Meijian Li;Yongjun Wang;Shangjie Jin;Peidai Xie
Affiliations:
Computer College, National University of Defence Technology, ChangSha, 410073, China;Computer College, National University of Defence Technology, ChangSha, 410073, China;Institute of Military Transportation, Academy of Military Transportation, TianJin, 300161, China;Computer College, National University of Defence Technology, ChangSha, 410073, China
Venue:
International Journal of Internet Protocol Technology
Year:
2013

Citing 11
Cited 0

Real-time object-oriented modeling

Real-time object-oriented modeling
QUARK: Empirical Assessment of Automaton-based Specification Miners

WCRE '06 Proceedings of the 13th Working Conference on Reverse Engineering
binpac: a yacc for writing application protocol parsers

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Program Instrumentation and Software Testing

Computer
Tupni: automatic reverse engineering of input formats

Proceedings of the 15th ACM conference on Computer and communications security
Prospex: Protocol Specification Extraction

SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering

Proceedings of the 16th ACM conference on Computer and communications security
Mining message sequence graphs

Proceedings of the 33rd International Conference on Software Engineering
Inferring protocol state machine from network traces: a probabilistic approach

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
PrefixTreeESpan: a pattern growth algorithm for mining embedded subtrees

WISE'06 Proceedings of the 7th international conference on Web Information Systems
Automatic handling of protocol dependencies and reaction to 0-day attacks with scriptgen based honeypots

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

The reverse extraction of the protocol model from a network application is performed to understand network behaviour and detect vulnerabilities. In this paper, we propose a framework that automatically extracts the described formal protocol model using a state machine. The proposed system, which is based on a dynamic binary analysis technique, is suited to the reverse analysis of network applications implemented with closed and encrypted protocols. We evaluate the technique by conducting experiments on the extracting protocol models from two secure socket layer implementation programs to demonstrate the strength of this technique. The results show that the proposed approach can produce a corresponding approximate protocol model from network applications. However, exhibiting high practice in the aspect of network behaviour analysis does not make sense for real-world applications.