Commit

Add tools.csv as basis for tool list
techge committed Nov 2, 2020
1 parent 3970cdd commit a9a9aa0
Showing 1 changed file with 59 additions and 0 deletions.
59 changes: 59 additions & 0 deletions tools.csv
@@ -0,0 +1,59 @@
(Automatic) protocol reverse engineering tools;;;;;;;;;;;;;;
;;;;;;;;;;;;;;
;;;;;;Input;;Output;;;Protocols actually analyzed;;;
Name;Year;Paper(s);Website;Source Code;Active;NetT;ExeT;PF;PFSM;Other Output;Text-based;Binary-based;Hybrid;Others
Discoverer;2007;W. Cui, J. Kannan, and H. J. Wang, “Discoverer: automatic protocol description generation from network traces,” in Proceedings of the USENIX Security Symposium, 2007. ;;;;x;;x;;;HTTP;RPC;SMB, CIFS;
Polyglot;2007;J. Caballero, H. Yin, Z. Liang, and D. Song, “Polyglot: automatic extraction of protocol message format using dynamic binary analysis,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS ’07), pp. 317–329, ACM, November 2007.;;;;;x;x;;;HTTP, Samba, ICQ;DNS, IRC;;
AutoFormat;2008;Z. Lin, X. Jiang, D. Xu, and X. Zhang, “Automatic protocol format reverse engineering through context-aware monitored execution,” in Proceedings of the 15th Symposium on Network and Distributed System Security (NDSS ’08), February 2008.;;;;;x;x;;;HTTP, SIP;DHCP, RIP, OSPF;SMB, CIFS;
Tupni;2008;W. Cui, M. Peinado, K. Chen, H. J. Wang, and L. Irun-Briz, “Tupni: automatic reverse engineering of input formats,” in Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS ’08), pp. 391–402, ACM, Alexandria, Va, USA, October 2008.;;;;;x;x;;;HTTP, FTP;RPC, DNS, TFTP;;WMF, BMP, JPG, PNG, TIF
ReFormat;2009;Z. Wang, X. Jiang, W. Cui, X. Wang, and M. Grace, “ReFormat: automatic reverse engineering of encrypted messages,” in Computer Security—ESORICS 2009. ESORICS 2009, M. Backes and P. Ning, Eds., vol. 5789 of Lecture Notes in Computer Science, pp. 200–215, Springer, Berlin, Germany, 2009.;;;;;x;x;;;HTTP, MIME;IRC;;One unknown protocol
Prospex;2009;P. M. Comparetti, G. Wondracek, C. Kruegel, and E. Kirda, “Prospex: protocol specification extraction,” in Proceedings of the 30th IEEE Symposium on Security and Privacy, pp. 110–125, Berkeley, Calif, USA, May 2009.;;;;x;;x;;;SMTP, SIP;SMB;;Agobot (C&C)
ProDecoder;2012;Y. Wang, X. Yun, M. Z. Shafiq et al., “A semantics aware approach to automated reverse engineering unknown protocols,” in Proceedings of the 20th IEEE International Conference on Network Protocols (ICNP ’12), pp. 1–10, IEEE, Austin, Tex, USA, November 2012.;;;;x;;x;;;SMTP, SIP;SMB;;
Wang et al.;2013;Y. Wang, N. Zhang, Y.-M. Wu, B.-B. Su, and Y.-J. Liao, “Protocol formats reverse engineering based on association rules in wireless environment,” in Proceedings of the 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom ’13), pp. 134–141, Melbourne, Australia, July 2013.;;;;x;;x;;;ICMP;ARP;;
ProGraph;2015;Q. Huang, P. P. C. Lee, and Z. Zhang, “Exploiting intrapacket dependency for fine-grained protocol format inference,” in Proceedings of the 14th IFIP Networking Conference (NETWORKING ’15), Toulouse, France, May 2015.;;;;x;;x;;;HTTP;DNS, BitTorrent, WeChat;;
Cai et al.;2016;J. Cai, J. Luo, and F. Lei, “Analyzing network protocols of application layer using hidden Semi-Markov model,” Mathematical Problems in Engineering, vol. 2016, Article ID 9161723, 14 pages, 2016.;;;;x;;x;;;HTTP, SSDP;DNS, BitTorrent, QQ, NetBios;;
WASp;2016;K. Choi, Y. Son, J. Noh, H. Shin, J. Choi, and Y. Kim, “Dissecting customized protocols: automatic analysis for customized protocols based on IEEE 802.15.4,” in Proceedings of the 9th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 183–193, Darmstadt, Germany, July 2016.;;;;x;;x;;;;;;Smart plug & PSD systems
PEXT;2007;M. Shevertalov and S. Mancoridis, “A reverse engineering tool for extracting protocols of networked applications,” in Proceedings of the 14th Working Conference on Reverse Engineering (WCRE ’07), pp. 229–238, October 2007.;;;;;x;;x;;FTP;;;
Xiao et al.;2009;M.-M. Xiao, S.-Z. Yu, and Y. Wang, “Automatic network protocol automaton extraction,” in Proceedings of the 3rd International Conference on Network and System Security (NSS ’09), pp. 336–343, October 2009.;;;;;x;;x;;HTTP, FTP, SMTP;;;
Trifilo et al.;2009;A. Trifilo, S. Burschka, and E. Biersack, “Traffic to protocol reverse engineering,” in Proceedings of the IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–8, July 2009.;;;;x;;;x;;;TCP, DHCP, ARP, KAD;;
Antunes and Neves;2009;J. Antunes and N. Neves, “Building an automaton towards reverse protocol engineering,” 2009, http://www.di.fc.ul.pt/∼nuno/PAPERS/INFORUM09.pdf.;;;;x;;;x;;FTP;;;
ReverX;2011;J. Antunes, N. Neves, and P. Verissimo, “Reverse engineering of protocols from network traces,” in Proceedings of the 18th Working Conference on Reverse Engineering (WCRE ’11), pp. 169–178, October 2011.;https://github.com/jasantunes/reverx;x;;x;;;x;;FTP;;;
Veritas;2011;Y. Wang, Z. Zhang, D. D. Yao, B. Qu, and L. Guo, “Inferring protocol state machine from network traces: a probabilistic approach,” in Proceedings of the 9th Applied Cryptography and Network Security International Conference (ACNS ’11), pp. 1–18, 2011.;;;;x;;;x;;SMTP;PPLIVE, XUNLEI;;
Zhang et al.;2012;Z. Zhang, Q.-Y. Wen, and W. Tang, “Mining protocol state machines by interactive grammar inference,” in Proceedings of the 2012 3rd International Conference on Digital Manufacturing and Automation (ICDMA ’12), pp. 524–527, August 2012.;;;;x;;;x;;HTTP, SNMP, ISAKMP;;;
Laroche et al.;2013;P. Laroche, A. Burrows, and A. N. Zincir-Heywood, “How far an evolutionary approach can go for protocol state analysis and discovery,” in Proceedings of the IEEE Congress on Evolutionary Computation (CEC ’13), pp. 3228–3235, June 2013.;;;;x;;;x;;FTP;DHCP;;
Meng et al.;2014;F. Meng, Y. Liu, C. Zhang, T. Li, and Y. Yue, “Inferring protocol state machine for binary communication protocol,” in Proceedings of the IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA ’14), pp. 870–874, September 2014.;;;;x;;;x;;;TCP, ARP;;
GAPA;2005;N. Borisov, D. J. Brumley, H. J. Wang, J. Dunagan, P. Joshi, and C. Guo, “Generic application-level protocol analyzer and its language,” MSR Technical Report MSR-TR-2005-133, 2005.;;;;;x;x;x;;HTTP;;;
Biprominer;2011;Y. Wang, X. Li, J. Meng, Y. Zhao, Z. Zhang, and L. Guo, “Biprominer: automatic mining of binary protocol features,” in Proceedings of the 12th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT ’11), pp. 179–184, October 2011.;;;;x;;x;x;;;XUNLEI, QQLive, SopCast;;
Netzob;2012;"G. Bossert, F. Guihéry, and G. Hiet, “Towards automated protocol reverse engineering using semantic information,” in Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, Kyoto, Japan, June 2014.
G. Bossert and F. Guihéry, “Reverse and simulate your enemy botnet C&C,” in Proceedings of the Mapping a P2P Botnet with Netzob, Black Hat 2012, Abu Dhabi, UAE, December 2012.";https://github.com/netzob/netzob;x;x;x;x;x;x;;FTP, Samba;SMB;;Unknown P2P & VoIP protocol
AutoReEngine;2013;J.-Z. Luo and S.-Z. Yu, “Position-based automatic reverse engineering of network protocols,” Journal of Network and Computer Applications, vol. 36, no. 3, pp. 1070–1077, 2013.;;;;x;;x;x;;HTTP, FTP, SMTP, POP3;DNS, NetBIOS;;
ScriptGen;2005;C. Leita, K. Mermoud, and M. Dacier, “ScriptGen: an automated script generation tool for Honeyd,” in Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC ’05), pp. 203–214, Tucson, Ariz, USA, December 2005.;;;;x;;;;Dialogs/scripts;HTTP;NetBIOS;;DCE
RolePlayer;2006;W. Cui, V. Paxson, N. C. Weaver, and R. H. Katz, “Protocolindependent adaptive replay of application dialog,” in Proceedings of the 13th Symposium on Network and Distributed System Security (NDSS ’06), 2006.;;;;x;;;;Dialogs/scripts;HTTP, FTP, SMTP, NFS, TFTP;DNS, BitTorrent, QQ, NetBios;SMB, CIFS;
Ma et al.;2006;J. Ma, K. Levchenko, C. Kreibich, S. Savage, and G. Voelker, “Automatic protocol inference: unexpected means of identifying protocols,” UCSD Computer Science Technical Report CS2006-0850, 2006.;;;;x;;;;App-identification;HTTP, FTP, SMTP, HTTPS (TCP-Protos);DNS, NetBIOS, SrvLoc (UDP-Protos);;
Boosting;2008;K. Gopalratnam, S. Basu, J. Dunagan, and H. J. Wang, “Automatically extracting fields from unknown network protocols,” in Proceedings of the 15th Symposium on Network and Distributed System Security (NDSS ’08), 2008.;;;;x;;;;Field(s);;DNS;;
Dispatcher;2009;J. Caballero, P. Poosankam, C. Kreibich, and D. Song, “Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering,” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS ’09), pp. 621–634, ACM, Chicago, Ill, USA, November 2009.;;;;;x;;;C&C malware;HTTP, FTP, ICQ;DNS;;
ASAP;2011;T. Krueger, N. Krmer, and K. Rieck, “Asap: automatic semantics-aware analysis of network payloads,” in Proceedings of the ECML/PKDD, 2011.;;;;x;;;;Semantics;HTTP, FTP, IRC, TFTP;;;
Dispatcher2;2013;J. Caballero and D. Song, “Automatic protocol reverse-engineering: message format extraction and field semantics inference,” Computer Networks, vol. 57, no. 2, pp. 451–474, 2013.;;;;;x;;;C&C malware;HTTP, FTP, ICQ;DNS;SMB;
ProVeX;2013;C. Rossow and C. J. Dietrich, “PROVEX: detecting botnets with encrypted command and control channels,” in Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, 2013.;;;;x;;;;Signatures;HTTP, SMTP, IMAP;DNS, VoIP, XMPP;;Malware Family Protocols
PIP;2014;M. Beddoe, “The protocol informatics project,” 2014, http://www.4tphi.net/∼awalters/PI/PI.html.;;;;x;;;;Keywords/ fields;HTTP;;;
FieldHunter;2015;I. Bermudez, A. Tongaonkar, M. Iliofotou, M. Mellia, and M. M. Munafo, “Automatic protocol field inference for deeper protocol understanding,” in Proceedings of the 14th IFIP Networking Conference (Networking ’15), pp. 1–9, May 2015.;;;;x;;;;Fields;MSNP;DNS;;SopCast, Ramnit
RS Cluster;2015;J.-Z. Luo, S.-Z. Yu, and J. Cai, “Capturing uncertainty information and categorical characteristics for network payload grouping in protocol reverse engineering,” Mathematical Problems in Engineering, vol. 2015, Article ID 962974, 9 pages, 2015.;;;;x;;;;Grouped-messages;FTP, SMTP, POP3, HTTPS;DNS, XunLei, BitTorrent, BitSpirit, QQ, eMule;;MSSQL, Kugoo, PPTV
UPCSS;2015;R. Lin, O. Li, Q. Li, and Y. Liu, “Unknown network protocol classification method based on semi supervised learning,” in Proceedings of the IEEE International Conference on Computer and Communications (ICCC ’15), pp. 300–308, Chengdu, China, October 2015.;;;;x;;;;Proto-classification;HTTP, FTP, SMTP, POP3, IMAP;DNS, SSL, SSH;SMB;
PowerShell;2017;D. R. Fletcher Jr., Identifying Vulnerable Network Protocols with PowerShell, SANS Institute Reading Room site, 2017.;;;;x;;;;Dialogs/scripts;;ARP, OSPF, DHCP, STP;;CDP/DTP/VTP, HSRP, LLDP, LLMNR, mDNS, NBNS, VRRP
ProPrint;2017;Y. Wang, X. Yun, Y. Zhang, L. Chen, and G. Wu, “A nonparametric approach to the automated protocol fingerprint inference,” Journal of Network and Computer Applications, vol. 99, pp. 1–9, 2017.;;;;x;;;;Fingerprints;;;;
ProHacker;2017;Y. Wang, X. Yun, Y. Zhang, L. Chen, and T. Zang, “Rethinking robust and accurate application protocol identification,” Computer Networks, vol. 129, pp. 64–78, 2017.;;;;x;;;;Keywords;;;;
PI Project;2004;"Beddoe, M.: Network Protocol Analysis using Bioinformatics Algorithms. (2004). http://www.4tphi.net/~awalters/PI/pi.pdf
Beddoe, M.: Protocol Informatics Project. (2004). http://www.4tphi.net/~awalters/PI/PI.html ";;;;x;;;;;;;;
FFE/x86;2006;Lim, J., Reps, T., Liblit, B.: Extracting output formats from executables. In: 13th Working Conference on Reverse Engineering, 2006. WCRE ’06, pp. 167–178. IEEE, Benevento (2006). doi:10.1109/WCRE.2006.29;;;;;x;;;;;;;
Replayer;2006;Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego (2006). http://research.microsoft.com/apps/pubs/default.aspx?id=153197;;;;;x;;;;;;;
Rosetta;2007;Caballero, J., Song, D.: Rosetta: Extracting Protocol Semantics Using Binary Analysis with Applications to Protocol Replay and NAT Rewriting. Technical Report CMU-CyLab-07-014, Carnegie Mellon University, Pittsburgh (2007);;;;;x;;;;;;;
ConfigRE;2008;Wang, R., Wang, X., Zhang, K., Li, Z.: Towards automatic reverse engineering of software security configurations. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS ’08, pp. 245–256. ACM, Limerick (2008). doi:10.1145/1455770.1455802;;;;;x;;;;;;;
Fuzzgrind;2009;Campana, G.: Fuzzgrind: an automatic fuzzing tool. In: Hack. lu. Hack. lu, Luxembourg (2009);;;;;x;;;;;;;
REWARDS;2010;Lin, Z., Zhang, X., Xu, D.: Automatic reverse engineering of data structures from binary execution. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego (2010);;;;;x;;;;;;;
MACE;2010;"Cho, C.Y., Babi D., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS ’10, pp. 426–439. ACM, New York, NY (2010). doi:10.1145/1866307.1866355
Cho, C.Y., Babi, D., Poosankam, P., Chen, K.Z., Wu, E.X., Song, D.: MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery. In: Proceedings of the 20th USENIX Conference on Security, SEC’11, p. 19. USENIX Association, Berkeley, CA (2011)";;;;;x;;;;;;;
Howard;2011;Slowinska, A., Stancescu, T., Bos, H.: Howard: a dynamic excavator for reverse engineering data structures. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego (2011);;;;;x;;;;;;;
PRISMA;2012;Krueger, T., Gascon, H., Krmer, N., Rieck, K.: Learning stateful models for network honeypots. In: Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, AISec ’12, pp. 37–48. ACM, New York, NY (2012). doi:10.1145/2381896.2381904;;;;x;;;;;;;;
ARTISTE;2012;Caballero, J., Grieco, G., Marron, M., Lin, Z., Urbina, D.: ARTISTE: Automatic Generation of Hybrid Data Structure Signatures from Binary Code Executions. Technical Report TR-IMDEA-SW-2012-001, IMDEA Software Institute, Madrid (2012);;;;;x;;;;;;;
AFL;2014;Zalewski, M.: American Fuzzy Loop. http://lcamtuf.coredump.cx/afl/technical_details.txt;;;;;x;;;;;;;
ARGOS;2015;Zeng, J., Lin, Z.: Towards automatic inference of kernel object semantics from binary code. In: 18th International Symposium, RAID 2015, vol. 9404, pp. 538–561. Springer, Kyoto (2015). doi:10.1007/978-3-319-26362-5;;;;;x;;;;;;;
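
Review bot: Two tools are listed twice under different names. The "PIP;2014" and "PI Project;2004" rows both cite Beddoe's Protocol Informatics Project at the same PI.html page, and the "RolePlayer;2006" and "Replayer;2006" rows both cite the Cui, Paxson, Weaver and Katz NDSS 2006 paper while marking different Input columns (NetT for the first, ExeT for the second). Please merge each pair into one row, or correct the reference if Replayer is meant to be a different work. The URLs in the "Antunes and Neves" and "PIP" rows contain "∼" where the "PI Project" row has "~", so they will not resolve as written. Since this file is meant as the basis for the tool list, note also that the column row "Name;Year;Paper(s);..." is the fourth line, after a title row, an empty row and a group row, and that the Netzob, PI Project and MACE rows carry quoted fields with embedded line breaks. Anything reading the file needs a real CSV parser with ";" as delimiter and has to skip three rows, so consider making the column row the first line and putting one reference per field.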
