Young-Hoon Goo, Kyu-Seok Shim, Byeong-Min Chae, Myung-Sup Kim
Venue: NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium
Published: 2018-04-23
DOI: 10.1109/NOMS.2018.8406307 (https://doi.org/10.1109/NOMS.2018.8406307)
Citations: 6
Abstract
The emergence of high-speed Internet and ubiquitous computing environments is generating massive traffic, which has led to a rapid increase in applications and malicious behaviors with diverse functions. Many of the complex and diverse protocols that arise in these situations are unknown or proprietary protocols that are at best partially documented. For efficient network management and network security, protocol reverse engineering, which extracts the specification of such protocols, is very important. While various protocol reverse engineering methods have been studied, there is not yet a single standardized method that extracts a protocol specification completely, and each method has limitations. In this paper, we propose a framework for precise protocol reverse engineering based on network traces. The proposed framework can extract highly detailed and intuitive message formats, flow formats, and the protocol state machine of an unknown protocol. We demonstrate the validity of our framework through an example using the HTTP protocol.