{"title":"Automatic Reverse Engineering Method for Extracting Well-trimmed Protocol Specification","authors":"Young-Hoon Goo, Kyu-Seok Shim, Myung-Sup Kim","doi":"10.1145/3291842.3291921","DOIUrl":null,"url":null,"abstract":"Emergence of high-speed Internet and ubiquitous environment has led to a rapid increase of applications and malicious behaviors with various functions. Many of the complex and diverse protocols that occur under these situations, are unknown protocols that are at least documented. For efficient network management and network security, protocol reverse engineering that extract the specification of the protocols is very important. While various protocol reverse engineering methods are being studied, each of methods has some limitations. In this paper, we propose the reverse engineering method for extracting well-trimmed protocol specification. The proposed method can extract intuitive field formats, message formats with semantics, flow formats, and protocol state machine of the unknown protocol. We implement our approach in a prototype system and demonstrate the validity of our approach through experimenting it over HTTP protocol.","PeriodicalId":283197,"journal":{"name":"Proceedings of the 2nd International Conference on Telecommunications and Communication Engineering","volume":"149 5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2nd International Conference on Telecommunications and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3291842.3291921","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
The emergence of high-speed Internet and ubiquitous environments has led to a rapid increase of applications and malicious behaviors with various functions. Many of the complex and diverse protocols that occur under these situations are unknown protocols that are at least documented. For efficient network management and network security, protocol reverse engineering that extracts the specification of the protocols is very important. While various protocol reverse engineering methods are being studied, each of the methods has some limitations. In this paper, we propose a reverse engineering method for extracting a well-trimmed protocol specification. The proposed method can extract intuitive field formats, message formats with semantics, flow formats, and the protocol state machine of the unknown protocol. We implement our approach in a prototype system and demonstrate the validity of our approach by experimenting with it over the HTTP protocol.