Original Articles

IPART: an automatic protocol reverse engineering tool based on global voting expert for industrial protocols

Pages 376-395 | Received 08 May 2019, Accepted 02 Aug 2019, Published online: 03 Sep 2019
