Jared Chandler (Tufts University)

Reverse engineering message formats from static network traces is a difficult and time consuming security task, critical for a variety of purposes: bug-finding via fuzz testing, automatic exploit generation, understanding the communications of hostile systems, and recovering specifications that are proprietary or have been lost. In this talk we describe our experiences evaluating BinaryInferno, a tool for automatically reverse engineering binary message formats from network traces. We discuss considerations for selecting protocols to evaluate, determining message format ground truth, and assembling representative datasets. Two issues we examine are the availability of real-world captures for malware protocols, and the need to validate that individual protocol messages actually conform to their ground truth specifications. We detail the engineering aspects of comparing BinaryInferno against related tools, the issues which arose, and how we address them. We examine different evaluation metrics and their tradeoffs as related to uncovering unknown message formats. We discuss how we handled the different representations of message format produced by each related tool. Finally, we conclude with a set of recommendations for future experiments involving protocol reverse engineering.

Speaker’s Biography

Jared Chandler is a PhD candidate studying Computer Science at Tufts University. His research focuses on computer security with an emphasis on automatic methods to reverse engineer unknown binary protocols, human computer interaction, and cyber deception.

View More Papers

PISE: Protocol Inference using Symbolic Execution and Automata Learning

Ron Marcovich, Orna Grumberg, Gabi Nakibly (Technion, Israel Institute of Technology)

Read More

BANS: Evaluation of Bystander Awareness Notification Systems for Productivity...

Shady Mansour (LMU Munich), Pascal Knierim (Universitat Innsbruck), Joseph O’Hagan (University of Glasgow), Florian Alt (University of the Bundeswehr Munich), Florian Mathis (University of Glasgow)

Read More

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Read More

Semi-Automated Synthesis of Driving Rules

Diego Ortiz, Leilani Gilpin, Alvaro A. Cardenas (University of California, Santa Cruz)

Read More