Please use this identifier to cite or link to this item: http://hdl.handle.net/2381/40147
Title: Using Segment-Based Alignment to Extract Packet Structures from Network Traces
Authors: Esoul, Othman
Walkinshaw, Neil
First Published: 2017
Presented at: IEEE International Conference on Quality, Reliability and Security QRS 2017
Publisher: IEEE
Citation: IEEE International Conference on Quality, Reliability and Security, In Press
Abstract: Many applications in security, from understanding unfamiliar protocols to fuzz-testing and guarding against potential attacks, rely on analysing network protocols. In many situations we cannot rely on access to a specification or even an implementation of the protocol, and must instead rely on raw network data “sniffed” from the network. When this is the case, one of the key challenges is to discern from the raw data the underlying packet structures – a task that is commonly carried out by using alignment algorithms to identify commonalities (e.g. field delimiters) between packets. For this, most approaches have used variants of the Needleman Wunsch algorthm to perform byte-wise alignment. However, they can suffer when messages are heterogeneous, or in cases where protocol fields are separated by long variable fields. In this paper, we present an alternative alignment algorithm known as segment-based alignment. We show how this technique can produce accurate results on traces from several common protocols, and how the results tend to be more intuitive than those produced by state-of-the-art techniques.
DOI Link: TBA
ISSN: TBA
Links: TBA
http://hdl.handle.net/2381/40147
Embargo on file until: 1-Jan-10000
Version: Post-print
Status: Peer-reviewed
Type: Conference Paper
Rights: TBA
Description: The file associated with this record is under embargo until publication, in accordance with the publisher's self-archiving policy. The full text may be available through the publisher links provided above.
Appears in Collections:Conference Papers & Presentations, Dept. of Computer Science

Files in This Item:
File Description SizeFormat 
qrs-2017.pdfPost-review (final submitted author manuscript)287.15 kBAdobe PDFView/Open


Items in LRA are protected by copyright, with all rights reserved, unless otherwise indicated.