Learning Fragments of the TCP Network Protocol

We apply automata learning techniques to learn fragments of the TCP network protocol by observing its external behaviour. We show that different implementations of TCP in Windows 8 and Ubuntu induce different automata models, thus allowing for fingerprinting of these implementations. In order to infer our models we use the notion of a mapper component introduced by Aarts, Jonsson and Uijen, which abstracts the large number of possible TCP packets into a limited number of abstract actions that can be handled by the regular inference tool LearnLib. Inspection of the learned models reveals that both Windows 8 and Ubuntu 13.10 violate RFC 793.

[1]  Tiziana Margaria,et al.  LearnLib: a framework for extrapolating behavioral models , 2009, International Journal on Software Tools for Technology Transfer.

[2]  Frits W. Vaandrager,et al.  Applying Automata Learning to Embedded Control Software , 2015, ICFEM.

[3]  Dawn Xiaodong Song,et al.  Inference and analysis of formal models of botnet command and control protocols , 2010, CCS '10.

[4]  Perdita Stevens,et al.  Modelling Recursive Calls with UML State Diagrams , 2003, FASE.

[5]  Jan Maluszy¿ski Verification, Model Checking, and Abstract Interpretation , 2009, Lecture Notes in Computer Science.

[6]  J. P. Ed,et al.  Transmission control protocol- darpa internet program protocol specification , 1981 .

[7]  Frits W. Vaandrager,et al.  Automata Learning through Counterexample Guided Abstraction Refinement , 2012, FM.

[8]  Ana Cavalcanti,et al.  FM 2009: Formal Methods, Second World Congress, Eindhoven, The Netherlands, November 2-6, 2009. Proceedings , 2009, FM.

[9]  Roland Groz,et al.  Inferring Mealy Machines , 2009, FM.

[10]  Joeri de Ruiter,et al.  Formal Models of Bank Cards for Free , 2013, 2013 IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops.

[11]  Hardi Hungar,et al.  Model Generation by Moderated Regular Extrapolation , 2002, FASE.

[12]  Tiziana Margaria,et al.  Next Generation LearnLib , 2011, TACAS.

[13]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[14]  Marius Minea,et al.  Model inference and security testing in the spacios project , 2014, 2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering, and Reverse Engineering (CSMR-WCRE).

[15]  Bengt Jonsson,et al.  Generating models of infinite-state communication protocols using regular inference with abstraction , 2015, Formal Methods Syst. Des..

[16]  Sally Floyd,et al.  On inferring TCP behavior , 2001, SIGCOMM 2001.

[17]  Bengt Jonsson,et al.  Inferring Canonical Register Automata , 2012, VMCAI.

[18]  Dana Angluin,et al.  Learning Regular Sets from Queries and Counterexamples , 1987, Inf. Comput..

[19]  Hüsnü Yenigün,et al.  Testing Software and Systems , 2015, Lecture Notes in Computer Science.