Automatic approaches in protocol reverse engineering

Dr. Holczer Tamás
Department of Networked Systems and Services

Automated protocol reverse engineering is a young and dynamically developing research area, significant for many security applications that rely on a protocol specification to function efficiently. Obtaining a protocol description for closed protocols is known to be a challenging and time-consuming task for reverse engineers. However, it cannot be avoided, as many intrusion detection systems and protocol fuzzers require such information. In order to rely on these applications, automated tools are required that can infer such protocol specifications. The contribution of this thesis is a novel method to generate protocol syntax and semantics descriptions, using state-of-the-art binary analysis and data analysis techniques. The described method combines the advantages of previous research and extends them with new concepts, such as the utilization of symbolic execution. This method is realised in a proof-of-concept solution, and the practical challenges of the implementation are introduced. The created tool is evaluated by reverse engineering the SNMP and HTTP protocols using a minimal number of sample messages.

