PREUNN: Protocol Reverse Engineering using Neural Networks

Valentin Kiechle, Matthias Börsig, Sven Nitzsche, Ingmar Baumgart, Jürgen Becker

2022

Abstract

The ability of neural networks to universally approximate any function enables them to learn relationships between arbitrary kinds of data. This offers great potential in information security topics such as protocol reverse engineering (PRE), which has seen little usage of neural networks (NNs) so far. In this paper, we provide a novel approach for implementing PRE solely with NNs, demonstrating a simple yet effective reverse engineering of text-based protocols. This approach is modular by design and allows the neural network model at any step to be exchanged for a better-performing one. The architectures used include a convolutional neural network (CNN), an autoencoder (AE), a generative adversarial net (GAN), a long short-term memory (LSTM), and a self-organizing map (SOM). All of these models are combined into a new protocol reverse engineering approach. The results show that the widespread application layer protocols HTTP and FTP can successfully be mimicked by artificial intelligence, thereby paving the way for use cases such as fuzzing. A direct comparison to other PRE approaches is not possible due to the black-box nature of neural networks; this represents the main limitation of our work. Our experiments showed that this multi-model approach yields up to 19% better message clustering and improved context distribution, and that LSTM is the best candidate for generating new messages, with up to 67.6% valid HTTP packages and 100% valid FTP packages.


Paper Citation


in Harvard Style

Kiechle V., Börsig M., Nitzsche S., Baumgart I. and Becker J. (2022). PREUNN: Protocol Reverse Engineering using Neural Networks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 345-356. DOI: 10.5220/0010813500003120


in Bibtex Style

@conference{icissp22,
author={Valentin Kiechle and Matthias Börsig and Sven Nitzsche and Ingmar Baumgart and Jürgen Becker},
title={PREUNN: Protocol Reverse Engineering using Neural Networks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={345-356},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010813500003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - PREUNN: Protocol Reverse Engineering using Neural Networks
SN - 978-989-758-553-1
AU - Kiechle V.
AU - Börsig M.
AU - Nitzsche S.
AU - Baumgart I.
AU - Becker J.
PY - 2022
SP - 345
EP - 356
DO - 10.5220/0010813500003120