Abstract
We apply automata learning techniques to learn fragments of the TCP network protocol by observing its external behaviour. We show that different implementations of TCP in Windows 8 and Ubuntu induce different automata models, thus allowing for fingerprinting of these implementations. In order to infer our models we use the notion of a mapper component introduced by Aarts, Jonsson and Uijen, which abstracts the large number of possible TCP packets into a limited number of abstract actions that can be handled by the regular inference tool LearnLib. Inspection of the learned models reveals that both Windows 8 and Ubuntu 13.10 violate RFC 793.
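A simplified sketch of the mapper idea described in the abstract, added here as an illustration; it is not the paper's mapper or code from the authors' setup. The names `Packet`, `Mapper` and `INVALID_OFFSET`, the two-class `V`/`INV` abstraction of sequence and acknowledgement numbers, and the sample packet values are all assumptions made for this example.

```python
from dataclasses import dataclass

INVALID_OFFSET = 100_000  # assumption: a value far from the expected number
MOD = 2**32               # TCP sequence numbers wrap at 32 bits

@dataclass
class Packet:
    flags: str  # e.g. "SYN", "SYN+ACK", "ACK", "RST"
    seq: int
    ack: int

class Mapper:
    """Tracks connection state so 32-bit numbers collapse to V/INV symbols."""
    def __init__(self, isn=1000):
        self.client_next = isn   # next sequence number the learner sends
        self.server_next = None  # next sequence number expected from the SUT

    def concretize(self, flags, seq_cls, ack_cls):
        """Abstract input such as ("ACK", "V", "INV") -> concrete Packet."""
        seq = self.client_next
        ack = self.server_next or 0
        if seq_cls == "INV":
            seq = (seq + INVALID_OFFSET) % MOD
        if ack_cls == "INV":
            ack = (ack + INVALID_OFFSET) % MOD
        if "SYN" in flags and seq_cls == "V":
            self.client_next = (seq + 1) % MOD  # a SYN consumes one number
        return Packet(flags, seq, ack)

    def abstract(self, pkt):
        """Concrete SUT response -> abstract output symbol (None = timeout)."""
        if pkt is None:
            return "TIMEOUT"
        if self.server_next is None:
            seq_cls = "V"  # first number seen from the SUT is taken as valid
        else:
            seq_cls = "V" if pkt.seq == self.server_next else "INV"
        ack_cls = "V" if pkt.ack == self.client_next else "INV"
        if "SYN" in pkt.flags and seq_cls == "V":
            self.server_next = (pkt.seq + 1) % MOD
        return f"{pkt.flags}({seq_cls},{ack_cls})"

def demo():
    m = Mapper(isn=1000)
    m.concretize("SYN", "V", "V")                    # sends seq=1000, ack=0
    out = m.abstract(Packet("SYN+ACK", 5000, 1001))  # constructed SUT reply
    ack = m.concretize("ACK", "V", "V")              # completes the handshake
    return out, ack
```

The learner only ever sees symbols such as `SYN+ACK(V,V)`, which keeps the alphabet finite; differences between stacks then show up as different abstract outputs for the same abstract input sequence.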
Keywords
- Sequence Number
- Transmission Control Protocol
- Session Initiation Protocol
- Mapper Component
- System Under Test
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Aarts, F., de Ruiter, J., Poll, E.: Formal models of bank cards for free. In: Proceedings of the 4th International Workshop on Security Testing, SECTEST 2013, Luxembourg, March 22 (2013)
Aarts, F., Heidarian, F., Kuppens, H., Olsen, P., Vaandrager, F.: Automata learning through counterexample guided abstraction refinement. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 10–27. Springer, Heidelberg (2012)
Aarts, F., Jonsson, B., Uijen, J.: Generating models of infinite-state communication protocols using regular inference with abstraction. In: Petrenko, A., Simão, A., Maldonado, J.C. (eds.) ICTSS 2010. LNCS, vol. 6435, pp. 188–204. Springer, Heidelberg (2010). Full version available at https://pms.cs.ru.nl/iris-diglib/src/getContent.php?id=2013-Aarts-InferenceRegular
Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)
Buchler, M., Hossen, K., Mihancea, P.F., Minea, M., Groz, R., Oriat, C.: Model inference and security testing in the spacios project. In: 2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), pp. 411–414 (February 2014)
Chalupar, G., Peherstorfer, S., Poll, E., de Ruiter, J.: Automated reverse engineering using lego, http://www.cs.ru.nl/~erikpoll/papers/legopaper.pdf
Cho, C.Y., Babić, D., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols, New York, NY, USA (2010)
Corelabs. Impacket, http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket
Corelabs. Pcapy, http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy
Fiterau, P., Janssen, R.: Experimental learning setup for TCP, https://bitbucket.org/fiteraup/learning-tcp
Hagerer, A., Hungar, H., Niese, O., Steffen, B.: Model generation by moderated regular extrapolation. In: Kutsche, R.-D., Weber, H. (eds.) FASE 2002. LNCS, vol. 2306, pp. 80–95. Springer, Heidelberg (2002)
Howar, F., Steffen, B., Jonsson, B., Cassel, S.: Inferring canonical register automata. In: Kuncak, V., Rybalchenko, A. (eds.) VMCAI 2012. LNCS, vol. 7148, pp. 251–266. Springer, Heidelberg (2012)
Merten, M., Steffen, B., Howar, F., Margaria, T.: Next generation LearnLib. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 220–223. Springer, Heidelberg (2011)
Padhye, J., Floyd, S.: On inferring TCP behavior. SIGCOMM Comput. Commun. Rev. 31(4), 287–298 (2001)
Postel, J. (ed.): Transmission Control Protocol - DARPA Internet Program Protocol Specification, RFC 3261 (September 1981), http://www.ietf.org/rfc/rfc793.txt
Raffelt, H., Steffen, B., Berg, T., Margaria, T.: LearnLib: a framework for extrapolating behavioral models. STTT 11(5), 393–407 (2009)
Shahbaz, M., Groz, R.: Inferring mealy machines. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 207–222. Springer, Heidelberg (2009)
SPaCIoS. Deliverable 2.2.1: Method for assessing and retrieving models (2013)
Tijssen, M.: Automatic modeling of ssh implementations with state machine learning algorithms. Bachelor’s thesis, Radboud University Nijmegen (June 2014)
Ubuntu TCP header file, http://lxr.free-electrons.com/source/include/net/tcp.h
How to modify the tcp/ip maximum retransmission time-out, http://support.microsoft.com/kb/170359
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Fiterău-Broştean, P., Janssen, R., Vaandrager, F. (2014). Learning Fragments of the TCP Network Protocol. In: Lang, F., Flammini, F. (eds) Formal Methods for Industrial Critical Systems. FMICS 2014. Lecture Notes in Computer Science, vol 8718. Springer, Cham. https://doi.org/10.1007/978-3-319-10702-8_6
DOI: https://doi.org/10.1007/978-3-319-10702-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10701-1
Online ISBN: 978-3-319-10702-8
eBook Packages: Computer Science, Computer Science (R0)