Skip to content

PREUNN: Protocol Reverse Engineering Using Neural Networks

Authors

Valentin Kiechle, Matthias Börsig, Sven Nitzsche, Ingmar Baumgar and Jürgen Becker

Corresponding author: Matthias Börsig

Abstract

The ability of neural networks to universally approximate any function enables them to learn relationships between arbitrary kinds of data. This offers great potential in information security topics such as protocol reverse engineering (PRE), which has seen little usage of neural networks (NNs) so far. In this paper, we provide a novel approach for implementing PRE with solely NNs, demonstrating a simple yet effective reverse engineering of text-based protocols. This approach is modular by design and allows for the exchange of neural network models at any step with better performing models. The architectures used include a convolutional neural network (CNN), an autoencoder (AE), a generative adversarial net (GAN), a long short-term memory (LSTM), and a self-organizing map (SOM). All of these models combine for a new protocol reverse engineering approach. The results show that the widespread application layer protocols HTTP and FTP can successfully be mimicked by artificial intelligence, thereby paving the way for use cases such as fuzzing. A direct comparison to other PRE approaches is not possible due to the black-box nature of neural networks and represents the main limitation of our work. Our experiments showed that this multi-model approach yield up to 19% better message clustering, improved context distribution, and proving LSTM to be the best candidate for generating new messages with up to 67.6% valid HTTP packages and 100% valid FTP packages.

Keywords

Protocol Reverse Engineering, Artificial Intelligence, Machine Learning, Neural Networks, Fuzzing

©2022 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved.

Event website: https://icissp.scitevents.org/?y=2022

Publication

In Proceedings of the 8th International Conference on Information Systems Security and Privacy (ICISSP 2022)

DOI: 10.5220/0010813500003120
BibTeX: Download
PDF: Download

Award

Awarded with the “Best Poster Award”

Bibliography

@inproceedings{Kiechle.2022,
  author={Valentin Kiechle and Matthias Börsig and Sven Nitzsche and Ingmar Baumgart and Jürgen Becker},
  title={PREUNN: Protocol Reverse Engineering using Neural Networks},
  booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP},
  year={2022},
  month={2},
  pages={345-356},
  publisher={SciTePress},
  organization={INSTICC},
  doi={10.5220/0010813500003120},
  isbn={978-989-758-553-1},
  url={https://www.scitepress.org/Link.aspx?doi=10.5220/0010813500003120}
}