Breaking the Traffic Barrier: Unveiling Multi-Format of Protocols via Autonomous Program Exploration
Protocol reverse engineering (PRE) aims to infer the formats of unknown protocols. Existing techniques, whether network-trace-based or execution-trace-based, face two main limitations: a reliance on the quality and scale of traffic datasets, which often leads to low accuracy and poor generalization; and a failure to adequately consider the multi-format characteristic prevalent in real-world protocols (i.e., the same protocol may support multiple different formats).
To address these challenges, we propose ProbePRE—a PRE tool that performs multi-format extraction on protocol handlers by autonomously generating packets. ProbePRE employs three key techniques: (1) an execution tracing strategy enhanced with implicit data flow analysis to obtain more detailed execution information; (2) constraint extraction methods tailored for different program structures to pass protocol validation; and (3) an innovative constraint combination algorithm to construct effective packets that guide the protocol handler to execute diverse protocol parsing paths. In our experimental evaluation, we compared ProbePRE with 4 state-of-the-art PRE tools in terms of field segmentation accuracy. The results demonstrated that ProbePRE achieved an F1 score of 0.88, significantly outperforming existing methods. Furthermore, evaluations on 6 protocol handlers indicated that ProbePRE attained 83% completeness in multi-format extraction tasks. Notably, in basic block coverage tests, ProbePRE achieved a 67% improvement over traditional traffic dataset methods, which fully validates the effectiveness of its path exploration capabilities.
Wed 19 Nov (displayed time zone: Seoul)
14:00 - 15:30 | Program Analysis 2 | Research Papers at Grand Hall 4 | Chair(s): Raffi Khatchadourian (CUNY Hunter College)

| Time | Duration | Type | Title | Track | Authors | Links |
|---|---|---|---|---|---|---|
| 14:00 | 10m | Talk | Incremental Program Analysis in the Wild: An Empirical Study on Real-World Program Changes | Research Papers | Xizao Wang (Nanjing University); Xiangrong Bin (Nanjing University); Lanxin Huang (Nanjing University); Shangqing Liu (Nanjing University); Jianhua Zhao (Nanjing University, China); Lei Bu (Nanjing University) | |
| 14:10 | 10m | Talk | Spinner: Detecting Locking Violations in the eBPF Runtime | Research Papers | Priya Govindasamy (University of California, Irvine); Joseph Bursey (University of California, Irvine); Hsin-Wei Hung (Meta); Ardalan Amiri Sani (University of California, Irvine) | |
| 14:20 | 10m | Talk | Towards More Accurate Static Analysis for Taint-style Bug Detection in Linux Kernel | Research Papers | Haonan Li (University of California at Riverside, USA); Hang Zhang (Indiana University); Kexin Pei (The University of Chicago); Zhiyun Qian (University of California at Riverside, USA) | Pre-print |
| 14:30 | 10m | Talk | Automated Insertion of Flushes and Fences for Persistency | Research Papers | Yutong Guo (University of California, Irvine); Weiyu Luo (University of California, Irvine); Brian Demsky (University of California at Irvine) | |
| 14:40 | 10m | Talk | DIFFFIX: Incrementally Fixing AST Diffs via Context and Type Information | Research Papers | Guofeng Zeng (University of Science and Technology Beijing); Chang-ai Sun (University of Science and Technology Beijing); Kai Gao (University of Science and Technology Beijing); Huai Liu (Swinburne University of Technology) | |
| 14:50 | 10m | Talk | Breaking the Traffic Barrier: Unveiling Multi-Format of Protocols via Autonomous Program Exploration | Research Papers | Dingzhao Xue (Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences); Yibo Qu (Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences); Bowen Jiang (Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences); Xin Chen; Shuaizong Si (Institute of Information Engineering of CAS, College of Cyberspace Security, Chinese Academy of Sciences); Shichao Lv (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences); Zhiqiang Shi (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences); Limin Sun (Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences) | |
| 15:00 | 10m | Talk | Loupe: End-to-End Learning of Loop Unrolling Heuristics for Abstract Interpretation | Research Papers | Maykel Mattar (Université Paris-Saclay, CEA, List / Université Bretagne Sud, IRISA); Michele Alberti (CEA, LIST, France); Valentin Perrelle (CEA, LIST, France); Salah Sadou (IRISA & CNRS, Universite Bretagne Sud, France) | |
| 15:10 | 10m | Talk | Belief Propagation with Local Structure and Its Applications in Program Analysis | Research Papers | Yiqian Wu (Peking University, China); Yifan Chen (Peking University); Yingfei Xiong (Peking University); Xin Zhang (Peking University) | Pre-print |
| 15:20 | 10m | Talk | On the Correctness of Software Merge | Research Papers | Akira Mori (National Institute of Advanced Industrial Science and Technology (AIST)); Masatomo Hashimoto (Chiba Institute of Technology) | Media Attached |