Title: Reverse extraction of protocol model from network applications

Authors: Meijian Li; Yongjun Wang; Shangjie Jin; Peidai Xie

Addresses: Computer College, National University of Defence Technology, ChangSha, 410073, China; Computer College, National University of Defence Technology, ChangSha, 410073, China; Institute of Military Transportation, Academy of Military Transportation, TianJin, 300161, China; Computer College, National University of Defence Technology, ChangSha, 410073, China

Abstract: The reverse extraction of the protocol model from a network application is performed to understand network behaviour and detect vulnerabilities. In this paper, we propose a framework that automatically extracts a formal protocol model described as a state machine. The proposed system, which is based on a dynamic binary analysis technique, is suited to the reverse analysis of network applications implemented with closed and encrypted protocols. We evaluate the technique by conducting experiments on extracting protocol models from two secure socket layer implementation programs to demonstrate the strength of this technique. The results show that the proposed approach can produce a corresponding approximate protocol model from network applications. However, exhibiting high practice in the aspect of network behaviour analysis does not make sense for real-world applications.

Keywords: dynamic binary analysis; DBA; specification mining; protocol reverse engineering; reverse extraction; network behaviour; network vulnerabilities; protocol models; network security.

DOI: 10.1504/IJIPT.2013.058671

International Journal of Internet Protocol Technology, 2013 Vol.7 No.4, pp.228 - 245

Published online: 19 Jul 2014
