Jared Chandler (Tufts University)

Reverse engineering message formats from static network traces is a difficult and time consuming security task, critical for a variety of purposes: bug-finding via fuzz testing, automatic exploit generation, understanding the communications of hostile systems, and recovering specifications that are proprietary or have been lost. In this talk we describe our experiences evaluating BinaryInferno, a tool for automatically reverse engineering binary message formats from network traces. We discuss considerations for selecting protocols to evaluate, determining message format ground truth, and assembling representative datasets. Two issues we examine are the availability of real-world captures for malware protocols, and the need to validate that individual protocol messages actually conform to their ground truth specifications. We detail the engineering aspects of comparing BinaryInferno against related tools, the issues which arose, and how we address them. We examine different evaluation metrics and their tradeoffs as related to uncovering unknown message formats. We discuss how we handled the different representations of message format produced by each related tool. Finally, we conclude with a set of recommendations for future experiments involving protocol reverse engineering.

Speaker’s Biography

Jared Chandler is a PhD candidate studying Computer Science at Tufts University. His research focuses on computer security with an emphasis on automatic methods to reverse engineer unknown binary protocols, human computer interaction, and cyber deception.

View More Papers

Measuring Messengers: Analyzing Infrastructures and Message Timings to Extract...

Theodor Schnitzler (Research Center Trustworthy Data Science and Security, TU Dortmund, and Ruhr-Universität Bochum)

Read More

BARS: Local Robustness Certification for Deep Learning based Traffic...

Kai Wang (Tsinghua University), Zhiliang Wang (Tsinghua University), Dongqi Han (Tsinghua University), Wenqi Chen (Tsinghua University), Jiahai Yang (Tsinghua University), Xingang Shi (Tsinghua University), Xia Yin (Tsinghua University)

Read More

A Case Study on Fuzzing Satellite Firmware

Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security) Presenter: Tobias Scharnowski

Read More