Towards Automated Protocol Reverse Engineering Using Semantic Information

Georges Bossert 1 Frédéric Guihéry 2 Guillaume Hiet 1
1 CIDRE - Confidentialité, Intégrité, Disponibilité et Répartition
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE, Inria Rennes – Bretagne Atlantique , CentraleSupélec
Abstract: Network security products, such as NIDS or application firewalls, tend to focus on application-level communication flows. Adding support for new proprietary, and often undocumented, protocols therefore requires reverse engineering these protocols, a task that is currently performed manually. Given the difficulty and time needed to reverse engineer a protocol by hand, the value of automating this task is clear, and it matters even more in today's cybersecurity context, where reaction time and automated adaptation are a priority. Several studies have attempted to infer protocol specifications from traces. As shown in this article, they do not provide accurate results on complex protocols and are often not applicable in an operational context, where the ability to produce parsers or traffic generators is a key indicator of the quality of the obtained specification. In addition, too few previous works have resulted in published tools that would allow the scientific community to experimentally validate and compare the different approaches. In this paper, we infer the specifications of complex protocols by means of an automated approach and novel techniques. Based on communication traces, we reverse the vocabulary of a protocol by taking into account the contextual information embedded in the messages. We also use this information to improve message clustering and to enhance the identification of field boundaries. We then show the viability of our approach through a comparative study that includes our reimplementation of three other state-of-the-art approaches (ASAP, Discoverer and ScriptGen).
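The abstract only states that contextual information is used to cluster messages and to locate field boundaries; it does not describe the mechanism. The following script is an added illustration of that general idea, written for this page and not taken from the paper or from any tool of its authors: values known from the capture environment (here user names and IP addresses, an assumption) are located inside each message and used as semantic anchors, messages are clustered by the ordered sequence of anchor types they carry, and the raw bytes between anchors are split into static and dynamic fields by comparing cluster members. The trace and the context table are constructed sample data, not real traffic.

```python
"""Added illustration (not the paper's algorithm): using contextual
information observed during a capture, such as known user names and IP
addresses, as semantic anchors for message clustering and field
boundary inference over a protocol trace."""
from collections import defaultdict

# Constructed trace of a fictitious line-based protocol (assumption).
TRACE = [
    b"LOGIN alice 192.168.1.10\n",
    b"LOGIN bob 10.0.0.7\n",
    b"LOGIN carol 192.168.1.10\n",
    b"DATA 7 alice hello\n",
    b"DATA 12 bob bye\n",
    b"PING\n",
    b"PING\n",
]

# Contextual information known from the capture environment (assumption):
# concrete value -> semantic type.
CONTEXT = {
    b"alice": "user", b"bob": "user", b"carol": "user",
    b"192.168.1.10": "ip", b"10.0.0.7": "ip",
}


def annotate(msg, context):
    """Split msg into raw byte runs separated by recognised context values.

    Returns (raws, sems): raws[i] precedes the i-th semantic value and
    raws[-1] is the tail, so len(raws) == len(sems) + 1 always holds.
    Longer values are matched first so "alice" is not clipped by "al".
    """
    keys = sorted(context, key=len, reverse=True)
    raws, sems = [b""], []
    i = 0
    while i < len(msg):
        for k in keys:
            if msg.startswith(k, i):
                sems.append(context[k])
                raws.append(b"")
                i += len(k)
                break
        else:
            raws[-1] += msg[i:i + 1]
            i += 1
    return raws, sems


def cluster(trace, context):
    """Group messages by the ordered sequence of semantic types they carry."""
    clusters = defaultdict(list)
    for msg in trace:
        raws, sems = annotate(msg, context)
        clusters[tuple(sems)].append(raws)
    return clusters


def common_prefix(segs):
    """Longest byte prefix shared by every element of segs."""
    p = segs[0]
    for s in segs[1:]:
        n = 0
        while n < min(len(p), len(s)) and p[n] == s[n]:
            n += 1
        p = p[:n]
    return p


def split_raw(segs):
    """Turn one raw slot of a cluster into static/dynamic fields.

    Bytes shared by every member at the start or end of the slot become
    static fields; whatever varies in between is one dynamic field.
    """
    fields = []
    prefix = common_prefix(segs)
    rest = [s[len(prefix):] for s in segs]
    suffix = common_prefix([s[::-1] for s in rest])[::-1]
    if prefix:
        fields.append(("static", prefix))
    if any(len(s) > len(suffix) for s in rest):
        fields.append(("dynamic", None))
    if suffix:
        fields.append(("static", suffix))
    return fields


def infer_fields(sig, members):
    """Field layout of one cluster as a list of (kind, value) tuples."""
    fields = []
    for i in range(len(sig) + 1):
        fields += split_raw([raws[i] for raws in members])
        if i < len(sig):
            fields.append((sig[i], None))
    return fields


def infer_format(trace, context):
    """Map each semantic signature (cluster) to its inferred field layout."""
    return {sig: infer_fields(sig, members)
            for sig, members in cluster(trace, context).items()}


if __name__ == "__main__":
    for sig, fields in infer_format(TRACE, CONTEXT).items():
        print(sig, fields)
```

Two caveats a practitioner should keep in mind with this toy: clustering purely on the semantic signature merges any two message types that carry the same kinds of anchors in the same order, so a real inference would refine clusters on the static bytes as well; and with only two or three members per cluster, bytes that merely happen to agree (a shared leading digit of a sequence number, for instance) are reported as static, so field boundaries should be re-validated against a larger trace or by generating traffic from the inferred format.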
Document type: Conference paper
ASIA CCS '14, Jun 2014, Kyoto, Japan. pp. 51-62, 2014, DOI 10.1145/2590296.2590346

https://hal-supelec.archives-ouvertes.fr/hal-01009283
Contributor: Myriam Andrieux
Submitted on: Tuesday 17 June 2014 - 16:20:20
Last modified on: Wednesday 16 May 2018 - 11:23:34

Identifiers
HAL Id: hal-01009283
DOI: 10.1145/2590296.2590346

Citation

Georges Bossert, Frédéric Guihéry, Guillaume Hiet. Towards Automated Protocol Reverse Engineering Using Semantic Information. ASIA CCS '14, Jun 2014, Kyoto, Japan. pp. 51-62, 2014, DOI 10.1145/2590296.2590346. hal-01009283
