Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Shameng Wen; Qingkun Meng; Chao Feng; Chaojing Tang

doi:10.1371/journal.pone.0186188

PLoS ONE (Jan 2017)

Protocol vulnerability detection based on network traffic analysis and binary reverse engineering.

Shameng Wen,
Qingkun Meng,
Chao Feng,
Chaojing Tang

Affiliations

Shameng Wen
Qingkun Meng
Chao Feng
Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0186188
Journal volume & issue: Vol. 12, no. 10
p. e0186188

Abstract

Read online

Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Published in PLoS ONE

ISSN: 1932-6203 (Online)
Publisher: Public Library of Science (PLoS)
Country of publisher: United States
LCC subjects: Medicine; Science
Website: https://journals.plos.org/plosone/

About the journal