An Automatic Protocol Reverse Engineering Approach from the Viewpoint of the TCP/IP Reference Model

Protocol reverse engineering represents a very powerful and important tool for network management and security. To cope with the emergence and evolution of rapidly increasing numbers of unknown protocols, automation is of great importance. Many methods for supporting the automation of the various steps for protocol reverse engineering have been investigated; however, there has been no method to automate the analysis of the target network environment. Most methods are designed only for application layer protocols, and all others are designed for specific environments. Given any unknown communication, we must be able to infer the structure of the protocol. However, there has been no research on automatic reverse engineering of protocols when both the protocol and the target network environment are entirely unknown. Here, we propose an automatic protocol reverse engineering approach that is designed to be generally applicable, regardless of the specific network environment. We demonstrate the feasibility of the proposed approach by applying it to several protocols in various layers of the TCP/IP reference model.