[ Back-Up Speaker ] Reverse Engineering Network Protocols Using Bioinformatics


Presented at Blackhat USA 2005 by

Network protocol analysis is currently performed by hand using only intuition and a protocol analyzer tool such as tcpdump or Ethereal. This talk presents Protocol Informatics, a method for automating network protocol reverse engineering by utilizing algorithms found in the bioinformatics field. In order to determine fields in protocol packets, samples are aligned using multiple string alignment algorithms and their consensus sequences are analyzed to understand the beginning and the end of fields in the packet.
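The alignment-and-consensus idea in the abstract, as an added example that is not the talk's own code: it uses pairwise Needleman-Wunsch global alignment as a simplified stand-in for multiple alignment, and the function names, scoring values and the two sample messages are constructed for illustration.

```python
# Added illustration (not from the talk): pairwise Needleman-Wunsch alignment
# of two constructed messages, then a consensus that marks likely fields.
GAP = None  # placeholder for an inserted gap in an aligned row

def align(a, b, match=2, mismatch=-1, gap=-2):
    """Globally align two byte strings; returns two equal-length rows."""
    def sub(i, j):
        return match if a[i - 1] == b[j - 1] else mismatch
    n, m = len(a), len(b)
    s = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        s[i][0] = i * gap
    for j in range(1, m + 1):
        s[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s[i][j] = max(s[i - 1][j - 1] + sub(i, j),
                          s[i - 1][j] + gap, s[i][j - 1] + gap)
    row_a, row_b, i, j = [], [], n, m
    while i or j:  # trace back from the bottom-right cell
        if i and j and s[i][j] == s[i - 1][j - 1] + sub(i, j):
            row_a.append(a[i - 1]); row_b.append(b[j - 1]); i -= 1; j -= 1
        elif i and s[i][j] == s[i - 1][j] + gap:
            row_a.append(a[i - 1]); row_b.append(GAP); i -= 1
        else:
            row_a.append(GAP); row_b.append(b[j - 1]); j -= 1
    return row_a[::-1], row_b[::-1]

def infer_fields(row_a, row_b):
    """Group aligned columns into runs of ('const' | 'var', start, end)."""
    fields = []
    for col, (x, y) in enumerate(zip(row_a, row_b)):
        # A column is constant only if both samples carry the same byte there.
        kind = "const" if x == y and x is not GAP else "var"
        if fields and fields[-1][0] == kind:
            fields[-1] = (kind, fields[-1][1], col + 1)
        else:
            fields.append((kind, col, col + 1))
    return fields

# Constructed samples of a made-up text protocol (not captured traffic).
SAMPLE_A = b"USER alice\r\n"
SAMPLE_B = b"USER bob\r\n"

if __name__ == "__main__":
    rows = align(SAMPLE_A, SAMPLE_B)
    for kind, start, end in infer_fields(*rows):
        text = bytes(c for c in rows[0][start:end] if c is not GAP)
        print(f"{kind:5} cols {start:2}-{end:2} {text!r}")
```

Conserved runs suggest keywords or delimiters, while runs containing mismatches or gaps suggest variable-length data fields; with only two samples, chance byte matches inside a data field would be misread as constants, which is why more samples are aligned in practice.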