Automatic Network Protocol Analysis

11 years 21 days ago
Automatic Network Protocol Analysis
Protocol reverse engineering is the process of extracting application-level specifications for network protocols. Such specifications are very helpful in a number of security-related contexts. For example, they are needed by intrusion detection systems to perform deep packet inspection, and they allow the implementation of black-box fuzzing tools. Unfortunately, manual reverse engineering is a time-consuming and tedious task. To address this problem, researchers have recently proposed systems that help to automate the process. These systems operate by analyzing traces of network traffic. However, there is limited information available at the network-level, and thus, the accuracy of the results is limited. In this paper, we present a novel approach to automatic protocol reverse engineering. Our approach works by dynamically monitoring the execution of the application, analyzing how the program is processing the protocol messages that it receives. This is motivated by the insight tha...
Gilbert Wondracek, Paolo Milani Comparetti, Christ
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where NDSS
Authors Gilbert Wondracek, Paolo Milani Comparetti, Christopher Krügel, Engin Kirda
Comments (0)