ReverX: Reverse Engineering of Protocols

Communication protocols determine how network components interact with each other. Therefore, the ability to derive a speci cation of a protocol can be useful in various contexts, such as to support deeper black-box testing or e ective defense mechanisms. Unfortunately, it is often hard to obtain the speci cation because systems implement closed (i.e., undocumented) protocols, or because a time consuming translation has to be performed, from the textual description of the protocol to a format readable by the tools. To address these issues, we propose a new methodology to automatically infer a speci cation of a protocol from network traces, which generates automata for the protocol language and state machine. Since our solution only resorts to interaction samples of the protocol, it is well-suited to uncover the message formats and protocol states of closed protocols and also to automate most of the process of specifying open protocols. The approach was implemented in ReverX and experimentally evaluated with publicly available FTP traces. Our results show that the inferred speci cation is a good approximation of the reference speci cation, exhibiting a high level of precision and recall.