A Survey of Automatic Protocol Reverse Engineering Tools
| Author: | Sandeep K. Shukla, T. Charles Clancy, John Narayan |
|---|---|
| Year of publication: | 2015 |
| Subject: | Reverse engineering; General Computer Science; Computer science; business.industry; computer.internet_protocol; Distributed computing; 05 social sciences; Legacy system; General Inter-ORB Protocol; 020206 networking & telecommunications; Deep packet inspection; 02 engineering and technology; Intrusion detection system; computer.software_genre; Theoretical Computer Science; 0502 economics and business; 0202 electrical engineering, electronic engineering, information engineering; 050207 economics; Software engineering; business; Communications protocol; computer; Protocol (object-oriented programming); Reverse Address Resolution Protocol |
| Source: | ACM Computing Surveys, 48:1-26 |
| ISSN: | 1557-7341, 0360-0300 |
| DOI: | 10.1145/2840724 |
| Description: | Computer network protocols define the rules in which two entities communicate over a network of unique hosts. Many protocol specifications are unknown, unavailable, or minimally documented, which prevents thorough analysis of the protocol for security purposes. For example, modern botnets often use undocumented and unique application-layer communication protocols to maintain command and control over numerous distributed hosts. Inferring the specification of closed protocols has numerous advantages, such as intelligent deep packet inspection, enhanced intrusion detection system algorithms for communications, and integration with legacy software packages. The multitude of closed protocols coupled with existing time-intensive reverse engineering methodologies has spawned investigation into automated approaches for reverse engineering of closed protocols. This article summarizes and organizes previously presented automatic protocol reverse engineering tools by approach. Approaches that focus on reverse engineering the finite state machine of a target protocol are separated from those that focus on reverse engineering the protocol format. |
| Database: | OpenAIRE |
| External link: | |