Name
Abstract | ||
|---|---|---|
Protocol reverse engineering is useful for many security applications, including intelligent fuzzing, intrusion detection and fingerprint generation. Since manual reverse engineering is a time-consuming and tedious process, a number of automatic techniques have been proposed. However, the accuracy of these techniques is limited due to the complexity of binary instructions, and the derived formats have missed constraints that are critical for security applications. In this paper, we propose a new approach for protocol format extraction. Our approach reasons about only the evaluation behavior of a program on the input message from concolic execution, and enables field identification and constraint inference with high accuracy. Moreover, it performs binary analysis with low complexity by reducing modern instruction sets to BIL, a small, well-specified and architecture-independent language. We have implemented our approach into a system called Icefex and evaluated it over real-world implementations of DNS, eDonkey, FTP, HTTP and McAfee ePO protocols. Experimental results show that our approach is more accurate and effective at extracting protocol formats than other approaches. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.3837/tiis.2013.03.010 | KSII TRANSACTIONS ON INTERNET AND INFORMATION SYSTEMS |
Keywords | Field | DocType |
protocol reverse engineering,protocol format extraction,semantic inference,concolic execution,intermediate language | File Transfer Protocol,Fuzz testing,Computer science,Instruction set,Reverse engineering,Fingerprint,Implementation,Intrusion detection system,Binary number,Embedded system | Journal |
Volume | Issue | ISSN |
7 | 3 | 1976-7277 |
Citations | PageRank | References |
7 | 1.92 | 1 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Fan Pan | 1 | 15 | 8.21 |
| Lifa Wu | 2 | 47 | 15.85 |
| Zheng Hong | 3 | 14 | 3.78 |
| Huabo Li | 4 | 25 | 3.51 |
| Haiguang Lai | 5 | 34 | 4.07 |
| Chen-hui Zheng | 6 | 7 | 1.92 |