PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces - ICT Systems Security and Privacy Protection
Conference Papers, Year: 2018

Authors: Choongin Lee, Jeonghan Bae, Heejo Lee

Abstract

Protocol reverse engineering is the process of extracting application-level protocol specifications. The specifications are a useful source of knowledge about network protocols and can be used for various purposes. Despite the successful results of prior works, their methods primarily result in the inference of a limited number of message types. We herein propose a novel approach that infers a minimized state machine while retaining a rich amount of information. The combined input of tokens extracted from the network protocol binary executables and network traces enables the inference of new message types and protocol behaviors that had not been found in previous works. In addition, we propose a state minimization algorithm that can be applied to real-time black-box inference. The experimental results show that our approach can infer the largest number of message types for the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP) compared to eight prior approaches. Moreover, we found unexpected behaviors in two protocol implementations using the inferred state machines.
Main file: 472722_1_En_11_Chapter.pdf (1.44 MB)
Origin: Files produced by the author(s)

Dates and versions

hal-02023719, version 1 (21-02-2019)

Cite

Choongin Lee, Jeonghan Bae, Heejo Lee. PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces. 33rd IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.141-155, ⟨10.1007/978-3-319-99828-2_11⟩. ⟨hal-02023719⟩