Tools for protocol reverse engineering: analysis and classification

Reverse engineering of communication protocols consists of developing methods and tools that make it possible to infer a model of the protocol. It is used in many application domains, ranging from interoperability to security auditing. Over the past twelve years, many tools have been developed to automate all or part of protocol inference. They rely on different techniques, which their authors choose and adapt according to the end goal of their reverse engineering. The aim of this article is to present a state of the art of these tools, while trying to identify the main families of techniques used to date.
