Title: Using Segment-Based Alignment to Extract Packet Structures from Network Traces
Authors: Esoul, Othman; Walkinshaw, Neil
First Published: 15-Aug-2017
Presented at: IEEE International Conference on Quality, Reliability and Security QRS 2017
Publisher: IEEE
Citation: IEEE International Conference on Quality, Reliability and Security, 2017
Abstract: Many applications in security, from understanding unfamiliar protocols to fuzz-testing and guarding against potential attacks, rely on analysing network protocols. In many situations we cannot rely on access to a specification or even an implementation of the protocol, and must instead rely on raw network data “sniffed” from the network. When this is the case, one of the key challenges is to discern from the raw data the underlying packet structures – a task that is commonly carried out by using alignment algorithms to identify commonalities (e.g. field delimiters) between packets. For this, most approaches have used variants of the Needleman-Wunsch algorithm to perform byte-wise alignment. However, they can suffer when messages are heterogeneous, or in cases where protocol fields are separated by long variable fields. In this paper, we present an alternative alignment algorithm known as segment-based alignment. We show how this technique can produce accurate results on traces from several common protocols, and how the results tend to be more intuitive than those produced by state-of-the-art techniques.
DOI Link: 10.1109/QRS.2017.49
ISBN: 978-1-5386-0593-6
Version: Post-print
Status: Peer-reviewed
Type: Conference Paper
Rights: Copyright © 2017, IEEE. Deposited with reference to the publisher’s open access archiving policy.
Appears in Collections: Conference Papers & Presentations, Dept. of Computer Science

Files in This Item:
File: qrs-2017.pdf
Description: Post-review (final submitted author manuscript)
Size: 287.15 kB
Format: Adobe PDF
