{"title":"Inferring protocol state machine for binary communication protocol","authors":"Fanzhi Meng, Yuan Liu, Chunrui Zhang, Tong Li, Yang Yue","doi":"10.1109/WARTIA.2014.6976411","DOIUrl":null,"url":null,"abstract":"Communication protocol reverse engineering has played an important role in the field of network security. Inferring protocol state machine for unknown protocol is a part of protocol specifications mining. This paper proposed a novel approach in the mining of unknown binary protocol state machine. It allows to automatically generating the state models for binary protocol by listening to network traces. We present a new methodology to align the corresponding fields and extract the state relevant fields from binary protocol communication traces, and then based on the state relevant fields to construct the protocol state model. The experimental results of ARP and TCP show that our approach is effective.","PeriodicalId":288854,"journal":{"name":"2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)","volume":"4563 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WARTIA.2014.6976411","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Communication protocol reverse engineering has played an important role in the field of network security. Inferring protocol state machine for unknown protocol is a part of protocol specifications mining. This paper proposed a novel approach in the mining of unknown binary protocol state machine. It allows to automatically generating the state models for binary protocol by listening to network traces. We present a new methodology to align the corresponding fields and extract the state relevant fields from binary protocol communication traces, and then based on the state relevant fields to construct the protocol state model. The experimental results of ARP and TCP show that our approach is effective.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
