Reverse Engineering Network Protocols using Bioinformatics

Presented at DEF CON 13 (2005), July 30, 2005, noon (50 minutes)

Network protocol analysis is currently performed by hand using only intuition and a protocol analyzer tool such as tcpdump or Ethereal. This talk presents Protocol Informatics, a method for automating network protocol reverse engineering by utilizing algorithms found in the bioinformatics field. In order to determine fields in protocol packets, samples are aligned using multiple string alignment algorithms and their consensus sequences are analyzed to understand the beginning and the end of fields in the packet.

Presenters:

• Marshall Beddoe
  Marshall Beddoe is currently a Research Scientist with McAfee, Inc. Prior to McAfee, Marshall worked for Foundstone performing general computer security research and development. His main focus is on the introduction of cross disciplinary methods and techniques into the realm of computer security. He has performed extensive research on protocol analysis, passive network mapping and operating system identification. He can be reached at mbeddoe@insidiae.org.

Links:

• https://defcon.org/html/defcon-13/dc13-speakers.html#beddoe
• https://infocon.org/cons/DEF CON/DEF CON 13/DEF CON 13 video/DEF CON 13 Hacking Conference Presentation By M Beddoe - Protocol Informatics Project - Video.mp4
• https://www.youtube.com/watch?v=YLDWBSyjkAc

Similar Presentations:

• Black Hat USA 2022 / Automatic Protocol Reverse Engineering
• BSidesLV 2016 / Beyond the Tip of the IceBerg -- Fuzzing Binary Protocol for Deeper Code Coverage.
• BruCON 0x09 (2017) / Defeating Proprietary Protocols the Smart Way Workshop