DynPRE: Protocol Reverse Engineering via Dynamic Inference

Zhengxiong Luo

Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Reverse Engineering

In the realm of network security, understanding unknown protocol specifications is a foundational yet formidable challenge. This task, known as **protocol reverse engineering (PRE)**, is indispensable for a myriad of critical security applications, including **fuzzing**, **model checking**, **automatic exploit generation**, and even **code generation**. A precise recovery of a protocol's format and state machine forms the bedrock for generating legitimate packet sequences for fuzzing or constructing accurate models for formal verification. However, existing PRE methodologies often grapple with significant limitations, either demanding access to source code or binaries (which are frequently unavailable for proprietary or embedded systems) or suffering from low accuracy due to their reliance on static network traces.
