Icefex: Protocol Format Extraction from IL-based Concolic Execution

Pan, Fan (Institute of Command Automation, PLA University of Science and Technology)
Wu, Li-Fa (Institute of Command Automation, PLA University of Science and Technology)
Hong, Zheng (Institute of Command Automation, PLA University of Science and Technology)
Li, Hua-Bo (Institute of Command Automation, PLA University of Science and Technology)
Lai, Hai-Guang (Institute of Command Automation, PLA University of Science and Technology)
Zheng, Chen-Hui (Institute of Command Automation, PLA University of Science and Technology)