Protocol State Machine Reverse Engineering with a Teaching-Learning Approach

Gábor Székely; Gergő Ládi; Tamás Holczer; Levente Buttyán

doi:10.14232/actacyb.288213

Gábor Székely Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Budapest University of Technology and Economics, Hungary; Ukatemi Technologies https://orcid.org/0000-0001-6148-3948
Gergő Ládi Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Budapest University of Technology and Economics, Hungary; BME Balatonfüred Student Research Group, Hungary https://orcid.org/0000-0002-0318-2175
Tamás Holczer Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Budapest University of Technology and Economics, Hungary https://orcid.org/0000-0003-0953-5397
Levente Buttyán Laboratory of Cryptography and System Security, Department of Networked Systems and Services, Budapest University of Technology and Economics, Hungary https://orcid.org/0000-0003-4233-2559

DOI: https://doi.org/10.14232/actacyb.288213

Keywords: automated protocol reverse engineering, state machines, Mealy machines

Abstract

In this work, we propose a novel solution to the problem of inferring the state machine of an unknown protocol. We extend and improve prior results on inferring Mealy machines, and present a new algorithm that accesses and interacts with a networked system that runs the unknown protocol in order to infer the Mealy machine representing the protocol's state machine. To demonstrate the viability of our approach, we provide an implementation and illustrate the operation of our algorithm on a simple example protocol, as well as on two real-world protocols, Modbus and MQTT.

Downloads

Download data is not yet available.