ABInfer: A Novel Field Boundaries Inference Approach for Protocol Reverse Engineering

Author(s): Dongxiao Jiang, Chenggang Li, Lixin Ma, Xiaoyu Ji, Yanjiao Chen, ...

2017, Vol 2017, pp. 1-9
Author(s): Ran Ji, Jian Wang, Chaojing Tang, Ruilin Li

The increasing use of civil unmanned aerial vehicles (UAVs) has the potential to threaten public safety and privacy. Therefore, airspace administrators urgently need an effective method to regulate UAVs. Understanding the meaning and format of UAV flight control commands by automatic protocol reverse-engineering techniques is highly beneficial to UAV regulation. To improve our understanding of the meaning and format of UAV flight control commands, this paper proposes a method to automatically analyze the private flight control protocols of UAVs. First, we classify flight control commands collected from a binary network trace into clusters; then, we analyze the meaning of flight control commands by the accumulated error of each cluster; next, we extract the binary format of commands and infer field semantics in these commands; and finally, we infer the location of the check field in the command and the generator polynomial matrix. The proposed approach is validated via experiments on a widely used consumer UAV.


2014, Vol 513-517, pp. 2496-2501
Author(s): Li Hua Zhao, Xue Jia Liang, Xiang Peng, Hua Feng Kong, Mei Zhen Wang

Inferring the network protocol state machine is very useful in network security-related contexts, both in research and management. This process follows an extension of the classic Angluin's L* algorithm and has achieved an extended version of some Mealy automata to represent or model a communication protocol. The algorithm has been validated by inferring the protocol state machine from the SMTP and FTP protocols, and offline algorithms were tested in comparison experiments. The experimental results show that this method can more accurately identify the network protocol state machine and has important application value.


Sensors, 2019, Vol 19 (3), pp. 716
Author(s): Xin Luo, Dan Chen, Yongjun Wang, Peidai Xie

Protocol Reverse Engineering (PRE) is crucial for information security of Internet-of-Things (IoT), and message clustering determines the effectiveness of PRE. However, the quality of services still lags behind the strict requirement of IoT applications as the results of message clustering are often coarse-grained with the intrinsic type information hidden in messages largely ignored. Aiming at this problem, this study proposes a type-aware approach to message clustering guided by type information. The approach regards a message as a combination of n-grams, and it employs the Latent Dirichlet Allocation (LDA) model to characterize messages with types and n-grams via inferring the type distribution of each message. The type distribution is finally used to measure the similarity of messages. According to this similarity, the approach clusters messages and further extracts message formats. Experimental results of the approach against Netzob in terms of a number of protocols indicate that the correctness and conciseness can be significantly improved, e.g., figures 43.86% and 3.87%, respectively for the CoAP protocol.

