Int. J. of Internet Protocol Technology   »   2013 Vol.7, No.4

 

 

Title: Reverse extraction of protocol model from network applications

 

Authors: Meijian Li; Yongjun Wang; Shangjie Jin; Peidai Xie

 

Addresses:
Computer College, National University of Defence Technology, ChangSha, 410073, China
Computer College, National University of Defence Technology, ChangSha, 410073, China
Institute of Military Transportation, Academy of Military Transportation, TianJin, 300161, China
Computer College, National University of Defence Technology, ChangSha, 410073, China

 

Abstract: The reverse extraction of the protocol model from a network application is performed to understand network behaviour and detect vulnerabilities. In this paper, we propose a framework that automatically extracts the described formal protocol model using a state machine. The proposed system, which is based on a dynamic binary analysis technique, is suited to the reverse analysis of network applications implemented with closed and encrypted protocols. We evaluate the technique by conducting experiments on extracting protocol models from two secure socket layer implementation programs to demonstrate the strength of this technique. The results show that the proposed approach can produce a corresponding approximate protocol model from network applications. However, exhibiting high practice in the aspect of network behaviour analysis does not make sense for real-world applications.

 

Keywords: dynamic binary analysis; DBA; specification mining; protocol reverse engineering; reverse extraction; network behaviour; network vulnerabilities; protocol models; network security.

 

DOI: 10.1504/IJIPT.2013.058671

 

Int. J. of Internet Protocol Technology, 2013 Vol.7, No.4, pp.228 - 245

 

Available online: 13 Jan 2014

 

 
