Automatic Reverse Engineering of Message Formats From Network Traces

Bibliographic Details
Main Authors: WANG JIAHE HELEN, CUI WEIDONG, KANNAN JAYANTHKUMAR
Format: Patent
Language: English
Published: 01.01.2009
Summary: A system for automatic inference of message formats from network packets is described. Each network message from a set of network messages is split into one or more tokens based on the types of bytes in the network messages. The set of network messages can then be classified into clusters based on token patterns. The network messages in each cluster can then be further sub-clustered recursively based on the message formats. Further, the messages with a similar message format across the sub-clusters can be merged into a cluster. The set of formatted clusters thus obtained corresponds to a set of message formats that can be used further for protocol reverse engineering.
Bibliography: Application Number: US20070768780