Abstract
The paper proposes a protocol discovery system (Protocol Discoverer) built on Grammatical Evolution techniques. Unlike many other solutions, which rely solely on observing the messages exchanged between participants of a conversation, our Protocol Discoverer is an active participant: it generates messages and sends them to the system whose protocol is to be identified. This approach makes it possible not only to identify typical behaviors of participants within a protocol, but also to find anomalous behaviors (ones that do not normally occur between participants using a defined protocol).
To generate a description of a protocol in the form of a context-free grammar, the solution presented in the article takes an evolutionary approach using Grammatical Evolution by Grammatical Evolution. A universal grammar is the basis for creating evolutionary solution grammars, which describe particular request-response pairs appearing in the protocol.
Notes
- 1. A byte string is a sequence of one or more bytes. The text string is a special case of a byte string, so protocols that use text messages may be inferred by the proposed mechanism.
- 2. With the assumption that the scaling constant w1 is greater than w2.
- 3. Presented values are given in the hexadecimal system.
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Pałka, D., Zachara, M., Wójcik, K. (2018). Active Protocol Discoverer Based on Grammatical Evolution. In: Borzemski, L., Świątek, J., Wilimowska, Z. (eds) Information Systems Architecture and Technology: Proceedings of 38th International Conference on Information Systems Architecture and Technology – ISAT 2017. ISAT 2017. Advances in Intelligent Systems and Computing, vol 655. Springer, Cham. https://doi.org/10.1007/978-3-319-67220-5_9
DOI: https://doi.org/10.1007/978-3-319-67220-5_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67219-9
Online ISBN: 978-3-319-67220-5
eBook Packages: Engineering, Engineering (R0)