Inferring Protocol State Machine from Real-World Trace

Wang, Yipeng; Zhang, Zhibin; Guo, Li

doi:10.1007/978-3-642-15512-3_32

Yipeng Wang^18,19,
Zhibin Zhang¹⁸ &
Li Guo¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6307))

Included in the following conference series:

International Workshop on Recent Advances in Intrusion Detection

2413 Accesses
2 Citations

Abstract

Application-level protocol specifications are helpful for network security management, including intrusion detection, intrusion prevention and detecting malicious code. However, current methods for obtaining unknown protocol specifications highly rely on manual operations, such as reverse engineering. This poster provides a novel insight into inferring a protocol state machine from real-world trace of a application. The chief feature of our method is that it has no priori knowledge of protocol format, and our technique is based on the statistical nature of the protocol specifications. We evaluate our approach with text and binary protocols, our experimental results demonstrate our proposed method has a good performance in practice.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

PRETT: Protocol Reverse Engineering Using Binary Tokens and Network Traces

Protocol Analysis Method Based on State Machine

Inspector: A Semantics-Driven Approach to Automatic Protocol Reverse Engineering

References

Leita, C., Mermoud, K., Dacier, M.: Scriptgen: an automated script generation tool for honeyd. In: Annual Computer Security Applications Conference (2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China
Yipeng Wang, Zhibin Zhang & Li Guo
Graduate University, Chinese Academy of Sciences, Beijing, China
Yipeng Wang

Authors

Yipeng Wang
View author publications
You can also search for this author in PubMed Google Scholar
Zhibin Zhang
View author publications
You can also search for this author in PubMed Google Scholar
Li Guo
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA
Somesh Jha
International Computer Science Institute, 1947 Center Street, Suite 600, 94704, Berkeley, CA, USA
Robin Sommer & Christian Kreibich &

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wang, Y., Zhang, Z., Guo, L. (2010). Inferring Protocol State Machine from Real-World Trace. In: Jha, S., Sommer, R., Kreibich, C. (eds) Recent Advances in Intrusion Detection. RAID 2010. Lecture Notes in Computer Science, vol 6307. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15512-3_32

Download citation

DOI: https://doi.org/10.1007/978-3-642-15512-3_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-15511-6
Online ISBN: 978-3-642-15512-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics