Jared Chandler (Tufts University)

Reverse engineering message formats from static network traces is a difficult and time consuming security task, critical for a variety of purposes: bug-finding via fuzz testing, automatic exploit generation, understanding the communications of hostile systems, and recovering specifications that are proprietary or have been lost. In this talk we describe our experiences evaluating BinaryInferno, a tool for automatically reverse engineering binary message formats from network traces. We discuss considerations for selecting protocols to evaluate, determining message format ground truth, and assembling representative datasets. Two issues we examine are the availability of real-world captures for malware protocols, and the need to validate that individual protocol messages actually conform to their ground truth specifications. We detail the engineering aspects of comparing BinaryInferno against related tools, the issues which arose, and how we address them. We examine different evaluation metrics and their tradeoffs as related to uncovering unknown message formats. We discuss how we handled the different representations of message format produced by each related tool. Finally, we conclude with a set of recommendations for future experiments involving protocol reverse engineering.

Speaker’s Biography

Jared Chandler is a PhD candidate studying Computer Science at Tufts University. His research focuses on computer security with an emphasis on automatic methods to reverse engineer unknown binary protocols, human computer interaction, and cyber deception.

View More Papers

Building the VPNalyzer System

Reethika Ramesh (University of Michigan), Leonid Evdokimov (Independent), Diwen Xue, Roya Ensafi (University of Michigan)

Read More

ReScan: A Middleware Framework for Realistic and Robust Black-box...

Kostas Drakonakis (FORTH), Sotiris Ioannidis (Technical University of Crete), Jason Polakis (University of Illinois at Chicago)

Read More

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Read More

Automatic Retrieval of Privacy Factors from IoMT Policies: ML...

Nyteisha Bookert, Mohd Anwar (North Carolina Agricultural and Technical State University)

Read More