Jared Chandler (Tufts University)

Reverse engineering message formats from static network traces is a difficult and time consuming security task, critical for a variety of purposes: bug-finding via fuzz testing, automatic exploit generation, understanding the communications of hostile systems, and recovering specifications that are proprietary or have been lost. In this talk we describe our experiences evaluating BinaryInferno, a tool for automatically reverse engineering binary message formats from network traces. We discuss considerations for selecting protocols to evaluate, determining message format ground truth, and assembling representative datasets. Two issues we examine are the availability of real-world captures for malware protocols, and the need to validate that individual protocol messages actually conform to their ground truth specifications. We detail the engineering aspects of comparing BinaryInferno against related tools, the issues which arose, and how we address them. We examine different evaluation metrics and their tradeoffs as related to uncovering unknown message formats. We discuss how we handled the different representations of message format produced by each related tool. Finally, we conclude with a set of recommendations for future experiments involving protocol reverse engineering.

Speaker’s Biography

Jared Chandler is a PhD candidate studying Computer Science at Tufts University. His research focuses on computer security with an emphasis on automatic methods to reverse engineer unknown binary protocols, human computer interaction, and cyber deception.

View More Papers

Semi-Automated Synthesis of Driving Rules

Diego Ortiz, Leilani Gilpin, Alvaro A. Cardenas (University of California, Santa Cruz)

Read More

POSE: Practical Off-chain Smart Contract Execution

Tommaso Frassetto (Technical University of Darmstadt), Patrick Jauernig (Technical University of Darmstadt), David Koisser (Technical University of Darmstadt), David Kretzler (Technical University of Darmstadt), Benjamin Schlosser (Technical University of Darmstadt), Sebastian Faust (Technical University of Darmstadt), Ahmad-Reza Sadeghi (Technical University of Darmstadt)

Read More

QUICforge: Client-side Request Forgery in QUIC

Yuri Gbur (Technische Universität Berlin), Florian Tschorsch (Technische Universität Berlin)

Read More

SoundLock: A Novel User Authentication Scheme for VR Devices...

Huadi Zhu (The University of Texas at Arlington), Mingyan Xiao (The University of Texas at Arlington), Demoria Sherman (The University of Texas at Arlington), Ming Li (The University of Texas at Arlington)

Read More