An Automatic Network Protocol State Machine Inference Method in Protocol Reverse Engineering

Li Hua Zhao; Xue Jia Liang; Xiang Peng; Hua Feng Kong; Mei Zhen Wang

doi:10.4028/www.scientific.net/AMM.513-517.2496

Paper Titles

Standard Interchange Protocol 2: Theory, Design and Implementation
p.2480

Design and Implementation of Intelligent Baby Room Monitoring System Based on the Internet of Things
p.2484

A Study on the Design Method of the Real-Time System Software Based on RTOS
p.2487

Design and Development of As-Built Documents Management System Based on BIM
p.2492

An Automatic Network Protocol State Machine Inference Method in Protocol Reverse Engineering
p.2496

Mobile Clinical Information System for Hospital Ward Rounds
p.2502

A New Kind of Security Communication Mechanism with Security Sessions
p.2506

An Empirical Study of Boosting Methods on Severely Imbalanced Data
p.2510

Application and Improvement of the Network Simulation Platform
p.2514

HomeApplied Mechanics and MaterialsApplied Mechanics and Materials Vols. 513-517An Automatic Network Protocol State Machine...

An Automatic Network Protocol State Machine Inference Method in Protocol Reverse Engineering

Abstract:

To infer the network protocol state machine is very useful in network security-related contexts, both in research and management. This process follows an extension of the classic Angluins L* algorithm and has achieved an extended version of some Mealy automata to represent or model a communication protocol. The algorithm has been validated by inferring the protocol state machine from SMTPFTP protocol, and tested offline algorithms for the comparison experiments. The experimental results show that this method can more accurately identify the network protocol state machine and is of the important application value.

You might also be interested in these eBooks

View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 513-517)

Pages:

2496-2501

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.513-517.2496

Citation:

Cite this paper

Online since:

February 2014

Authors:

Li Hua Zhao, Xue Jia Liang, Xiang Peng, Hua Feng Kong*, Mei Zhen Wang

Keywords:

Network Protocol, Online Algorithm, Protocol Reverse Engineering, State Machine Inference

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

Citation:

* - Corresponding Author

References

[1] J. Oncina, P. Garcia. Inferring Regular Languages in Polynomial Update Time [J]. Pattern Recognition and Image Analysis, World Scientiﬁc, Singapore, 1992, 49–61.

DOI: 10.1142/9789812797902_0004

Google Scholar

[2] E. Vidal, H. Rulot, J. M. Valiente. Application of the Error-Correcting Grammatical Inference Algorithm(ECGI) to Planar Shape Recognition [J]. In: IEE Colloquium on Grammatical Inference: Theory, Applications and Alternatives. 1993. 1-24.

DOI: 10.1109/icpr.1992.201785

Google Scholar

[3] COLIN de la Higuera. Learning Finite State Machines [J]. Lecture Notes in Computer Science, 2010, 6062(1): 1-10.

Google Scholar

[4] Chia Yuan Cho, Domagoj Babić, Eui Chul , et al. Inference and Analysis of Formal Models of Botnet Command and Control Protocals. In: Proceedings of the 17th ACM conference on Computer and communications security, New York, USA. October 4–8, 2010. 426-439.

DOI: 10.1145/1866307.1866355

Google Scholar

[5] DANA Angluin. Learning Regular Sets from Queries and Counterexamples* [J]. Information and Computation 75, 1987, 87-106.

DOI: 10.1016/0890-5401(87)90052-6

Google Scholar

[6] Benedikt Bollig, Peter Habermehl, Carsten Kern, et al. Angluin-Style Learning of NFA*. In: Online Proceedings of IJCAI 21, 2009. 1004–1009.

Google Scholar

[7] MUZAMMIL Shahbaz, ROLAND Groz. Inferring Mealy Machines [J]. FM2009, LNCS 5850, 207-222.

Google Scholar

[8] B. Saul, D. Christian. A General Method Applicable to the Search for Similarities in the Amino Acid Sequence of Two Proteins [J]. Journal of Molecular Biology, 1970, 48(3): 443~453.

DOI: 10.1016/0022-2836(70)90057-4

Google Scholar