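@comment{Entry 1469: normalized from a single-line export. Author names are
  stored as "Last, First" and separated by " and " so BibTeX does not parse
  the comma-separated list as one garbled name. The empty doi field was
  dropped because empty fields raise BibTeX/Biber warnings and no DOI was
  given. "TLV" is brace-protected against style recasing. The percent sign
  in the abstract is escaped so the field does not start a LaTeX comment
  when printed. The abstract text is otherwise kept verbatim.}
@article{1469,
  author   = {He, Lian and Wen, Qiao-yan and Zhang, Zhao},
  title    = {A {TLV} Structure Semantic Constraints based Method for Reverse Engineering Protocol Packet Formats},
  journal  = {Journal of Networking Technology},
  year     = {2014},
  volume   = {5},
  number   = {1},
  url      = {http://www.dline.info/jnt/fulltext/v5n1/2.pdf},
  abstract = {Mining unknown protocol packet formats is a very effective way to improve network security, especially in promoting the accuracy of network fuzz test. However, researches reverse engineering unknown protocol packets mostly depend on manual analysis, which is extremely time consuming and low efficiency. In this paper, we proposed a new method to infer the unknown protocol packet formats automatically. This method could infer the potential TLV fields and extract protocol format with low time consuming. First we define a threshold value for the sum of tag field types. Then we increase the value of a variable standing for the length of a tag filed until the type number of this tag fields reaches the threshold. After the tag filed is obtained, we can easily get the length field and the value field next to it. Run this process on the value field recursively, and we could finally get the whole structure of packet formats. In order to demonstrate the effectiveness, we applied our methods on the Get-Request packets of SNMP. As a result, almost 90\% of the TLV structures of packets are extracted, at the same time, the field of Get-Request Id is also inferred successfully.},
}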