Article

A semantics aware approach to automated reverse engineering unknown protocols

Authors:

Li GuoAuthors Info & Claims

ICNP '12: Proceedings of the 2012 20th IEEE International Conference on Network Protocols (ICNP)

Pages 1 - 10

https://doi.org/10.1109/ICNP.2012.6459963

Published: 30 October 2012 Publication History

Abstract

Extracting the protocol message format specifications of unknown applications from network traces is important for a variety of applications such as application protocol parsing, vulnerability discovery, and system integration. In this paper, we propose ProDecoder, a network trace based protocol message format inference system that exploits the semantics of protocol messages without the executable code of application protocols. ProDecoder is based on the key insight that the n-grams of protocol traces exhibit highly skewed frequency distribution that can be leveraged for accurate protocol message format inference. In ProDecoder, we first discover the latent relationship among n-grams by first grouping protocol messages with the same semantics and then inferring message formats by keyword based clustering and cluster sequence alignment. We implemented and evaluated ProDecoder to infer message format specifications of SMB (a binary protocol) and SMTP (a textual protocol). Our experimental results show that ProDecoder accurately parses and infers SMB protocol with 100% precision and recall. For SMTP, ProDecoder achieves approximately 95% precision and recall.

Cited By

View all

Rohl ARoughan MWhite MChambers ASekar VYu MSeneviratne AVeitch D(2024)POSTER: Packet Field Tree: a hybrid approach, open database and evaluation methodology for Automated Protocol Reverse-EngineeringProceedings of the ACM SIGCOMM 2024 Conference: Posters and Demos10.1145/3672202.3673718(13-15)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672202.3673718
Kumar ATanksale AChowfin AAjjampudi MMishra AKhan ASaha VNaik PVutukuru M(2024)Pyramis: Domain Specific Language for Developing Multi-tier SystemsProceedings of the 8th Asia-Pacific Workshop on Networking10.1145/3663408.3663431(156-162)Online publication date: 3-Aug-2024
https://dl.acm.org/doi/10.1145/3663408.3663431
Swarnkar MSharma N(2024)OptiClass: An Optimized Classifier for Application Layer Protocols Using Bit Level SignaturesACM Transactions on Privacy and Security10.1145/363377727:1(1-23)Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3633777
Show More Cited By

Recommendations

A semantics-based approach for achieving self fault-tolerance of protocols
Abstract
The cooperation of different processes may be lost by mistake when a protocol is executed. The protocol cannot be normally operated under this condition. In this paper, the self fault-tolerance of protocols is discussed, and a semantics-based ...
A Data-driven Approach for Reverse Engineering Electric Power Protocols
Abstract
Electric power protocol is a typical kind of industrial protocols, and is widely-used in electric power systems. Since most electric power protocols are private and have no public protocol specification, it poses a great challenge for security ...
Support System for Constructing Communication Services and Protocols based on Compositional Approach
DEXA '00: Proceedings of the 11th International Workshop on Database and Expert Systems Applications

One of the most important techniques for designing protocols is the compositional technique in which small and simple protocols are designed and verified first and then a large and complex protocol is composed of these small unit like protocols. We have ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICNP '12: Proceedings of the 2012 20th IEEE International Conference on Network Protocols (ICNP)

October 2012

403 pages

ISBN:9781467324458

Publisher

IEEE Computer Society

United States

Publication History

Published: 30 October 2012

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

20
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rohl ARoughan MWhite MChambers ASekar VYu MSeneviratne AVeitch D(2024)POSTER: Packet Field Tree: a hybrid approach, open database and evaluation methodology for Automated Protocol Reverse-EngineeringProceedings of the ACM SIGCOMM 2024 Conference: Posters and Demos10.1145/3672202.3673718(13-15)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672202.3673718
Kumar ATanksale AChowfin AAjjampudi MMishra AKhan ASaha VNaik PVutukuru M(2024)Pyramis: Domain Specific Language for Developing Multi-tier SystemsProceedings of the 8th Asia-Pacific Workshop on Networking10.1145/3663408.3663431(156-162)Online publication date: 3-Aug-2024
https://dl.acm.org/doi/10.1145/3663408.3663431
Swarnkar MSharma N(2024)OptiClass: An Optimized Classifier for Application Layer Protocols Using Bit Level SignaturesACM Transactions on Privacy and Security10.1145/363377727:1(1-23)Online publication date: 10-Jan-2024
https://dl.acm.org/doi/10.1145/3633777
Shi QXu XZhang XCalandrino JTroncoso C(2023)Extracting protocol format as state machine via controlled static loop analysisProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620630(7019-7036)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620630
Shi QShao JYe YZheng MZhang XMeng WJensen CCremers CKirda E(2023)Lifting Network Protocol Implementation to Precise Format Specification with Security ApplicationsProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3616614(1287-1301)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3616614
Hossain MHan JSchneider JJiang JKabir MVersteeg S(2022)Extracting Formats of Service Messages with Varying PayloadsACM Transactions on Internet Technology10.1145/350315922:3(1-31)Online publication date: 1-Feb-2022
https://dl.acm.org/doi/10.1145/3503159
Wang QSun ZWang ZYe SSu ZChen HHu C(2021)A Practical Format and Semantic Reverse Analysis Approach for Industrial Control ProtocolsSecurity and Communication Networks10.1155/2021/66909882021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/6690988
Lin ZMoon SZarate CMulagalapalli RKulandaivel SFanti GSekar V(2019)Towards Oblivious Network Analysis using Generative Adversarial NetworksProceedings of the 18th ACM Workshop on Hot Topics in Networks10.1145/3365609.3365854(43-51)Online publication date: 13-Nov-2019
https://dl.acm.org/doi/10.1145/3365609.3365854
Kleber SKargl FCavallaro LKinder JWang XKatz J(2019)PosterProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3363261(2581-2583)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3319535.3363261
Kleber SKopp HKargl FRossow CYounan Y(2018)NEMESYSProceedings of the 12th USENIX Conference on Offensive Technologies10.5555/3307423.3307431(8-8)Online publication date: 13-Aug-2018
https://dl.acm.org/doi/10.5555/3307423.3307431
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

A semantics-based approach for achieving self fault-tolerance of protocols

A Data-driven Approach for Reverse Engineering Electric Power Protocols

Support System for Constructing Communication Services and Protocols based on Compositional Approach

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations