A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View

Sija, Baraka D.; Goo, Young Hoon; Shim, Kyuseok; Hasanova, Huru; Kim, Myung-Sup

doi:10.1155/2018/8370341

Cited by 30 publications

(13 citation statements)

References 31 publications

(90 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Protocol Reverse Engineering. Protocol reverse engineering targets at inferring the specification of unknown network protocols for further security evaluation [56], [63], [37], [73]. There are two main categories, either by program analysis [28], [57], [82], [33], [59], [32] or by network traces [22], [55], [35], [52], [81], [51], [80], [26], [38], [47].…”

Section: Related Workmentioning

confidence: 99%

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Zhang

Wang

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Network protocol reverse engineering is an important challenge with many security applications. A popular kind of method leverages network message traces. These methods rely on pair-wise sequence alignment and/or tokenization. They have various limitations such as difficulties of handling a large number of messages and dealing with inherent uncertainty. In this paper, we propose a novel probabilistic method for network trace based protocol reverse engineering. It first makes use of multiple sequence alignment to align all messages and then reduces the problem to identifying the keyword field from the set of aligned fields. The keyword field determines the type of a message. The identification is probabilistic, using random variables to indicate the likelihood of each field (being the true keyword). A joint distribution is constructed among the random variables and the observations of the messages. Probabilistic inference is then performed to determine the most likely keyword field, which allows messages to be properly clustered by their true types and enables the recovery of message format and state machine. Our evaluation on 10 protocols shows that our technique substantially outperforms the state-of-the-art and our case studies show the unique advantages of our technique in IoT protocol reverse engineering and malware analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Zhang

Wang

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…For instance, protocol reverse engineering can be helpful for firewalls and intrusion detection systems to detect and block previously unknown attacks. It can also be used for penetration testing, can be used in a smart fuzzing operation to identify network vulnerabilities, and can provide useful information as part of deep packet inspection (DPI) to analyze malware protocols [4]. However, in order to provide this information, an in-depth understanding of the protocol is first required, and the underlying technology is protocol reverse engineering [5].…”

Section: Introductionmentioning

confidence: 99%

Two-Pathway Model for Enhancement of Protocol Reverse Engineering

2020

KSII TIIS

View full text Add to dashboard Cite

“…As signal positions, lengths and coding are proprietary and vary among makes, models, model years and even geographical area, first, we have to interpret the messages. We emphasize that we do not intend to perform (an even remotely) comprehensive reverse engineering Sija et al (2018); we focus solely on a small number of sensor signals which are good descriptors of natural driving behavior.…”

Section: Introductionmentioning

confidence: 99%

Extracting Vehicle Sensor Signals from CAN Logs for Driver Re-identification

Lestyán

Ács

Biczók

et al. 2019

Proceedings of the 5th International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Data is the new oil for the car industry. Cars generate data about how they are used and who's behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle's CAN (Controller Area Network) bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi "reverse-engineer" the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, not revealing signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.

show abstract

A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View

Cited by 30 publications

References 31 publications

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

NetPlier: Probabilistic Network Protocol Reverse Engineering from Message Traces

Two-Pathway Model for Enhancement of Protocol Reverse Engineering

Extracting Vehicle Sensor Signals from CAN Logs for Driver Re-identification

Contact Info

Product

Resources

About