Abstract

The emergence of high-speed Internet and ubiquitous environments is generating massive traffic, and it has led to a rapid increase in applications and malicious behaviors with various functions. Many of the complex and diverse protocols that arise in these situations are unknown or proprietary protocols with little documentation. For efficient network management and network security, protocol reverse engineering, which extracts the specification of such protocols, is very important. While various protocol reverse engineering methods have been studied, there is not yet a single standardized method that extracts a protocol specification completely, and each method has some limitations. In this paper, we propose a framework for precise protocol reverse engineering based on network traces. The proposed framework can extract highly elaborate and intuitive message formats, flow formats, and the protocol state machine of an unknown protocol. We demonstrate the validity of our framework through an example using the HTTP protocol.
