Full Text:  <69>

CLC number: 

On-line Access: 2024-11-05

Received: 2024-06-06

Revision Accepted: 2024-09-06

Crosschecked: 0000-00-00

Cited: 0

Clicked: 108

Citations:  Bibtex RefMan EndNote GB/T7714

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering 

Accepted manuscript available online (unedited version)


Active inference of protocol state machines from incomplete message domains


Author(s):  Maohua GUO, Yuefei ZHU, Jinlong FEI

Affiliation(s):  Key Laboratory of Cyberspace Security, Ministry of Education, Zhengzhou 450001, China

Corresponding email(s):  czxing.2019@outlook.com, yfzhu17@sina.com, feijinlong_2021@163.com

Key Words:  Protocol reverse engineering (PRE); Protocol state machine; Active inference; Incomplete message domains; Input space


Share this article to: More <<< Previous Paper|Next Paper >>>

Maohua GUO, Yuefei ZHU, Jinlong FEI. Active inference of protocol state machines from incomplete message domains[J]. Frontiers of Information Technology & Electronic Engineering,in press.https://doi.org/10.1631/FITEE.2400487

@article{title="Active inference of protocol state machines from incomplete message domains",
author="Maohua GUO, Yuefei ZHU, Jinlong FEI",
journal="Frontiers of Information Technology & Electronic Engineering",
year="in press",
publisher="Zhejiang University Press & Springer",
doi="https://doi.org/10.1631/FITEE.2400487"
}

%0 Journal Article
%T Active inference of protocol state machines from incomplete message domains
%A Maohua GUO
%A Yuefei ZHU
%A Jinlong FEI
%J Frontiers of Information Technology & Electronic Engineering
%P
%@ 2095-9184
%D in press
%I Zhejiang University Press & Springer
doi="https://doi.org/10.1631/FITEE.2400487"

TY - JOUR
T1 - Active inference of protocol state machines from incomplete message domains
A1 - Maohua GUO
A1 - Yuefei ZHU
A1 - Jinlong FEI
J0 - Frontiers of Information Technology & Electronic Engineering
SP -
EP -
%@ 2095-9184
Y1 - in press
PB - Zhejiang University Press & Springer
ER -
doi="https://doi.org/10.1631/FITEE.2400487"


Abstract: Inferring protocol state machines from observable information presents a significant challenge in protocol reverse engineering (PRE), especially when passively collected traffic suffers from message loss, resulting in an incomplete protocol state space. This paper introduces an innovative method for actively inferring protocol state machines using the MAT framework. By incorporating session completion and deterministic mutation techniques, this method broadens the range of protocol messages, thereby constructing a more comprehensive input space for the protocol state machine from an incomplete message domain. Additionally, the efficiency of active inference is improved through several optimizations, including traffic deduplication, the construction of an Expanded Prefix Tree Acceptor (EPTA), query optimization based on responses, and random counterexample generation for the algorithm. Experiments on the RTSP and SMTP protocols, using Live555 and EXIM implementations across multiple versions, demonstrate that this approach yields more comprehensive protocol state machines with enhanced execution efficiency. Compared to the algorithm implemented by AALpy, Act_Infer achieves an average reduction of 40% in execution time, and significantly reduces connection and interaction times by 25% and 50%, respectively.

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE