Abstract |
In the field of network protocols, reverse engineering is often used to identify both the structural and the functional features of a specific protocol implementation. Its advantage is that it enables a protocol to be understood without prior knowledge. Obtaining a specification of a protocol can be advantageous for both the attacker and the defender. The defender can have a "Tiger Team" use reverse engineering to discover vulnerabilities and covert channels. Similarly, the attacker can use reverse engineering to identify weaknesses in the protocol, such as its susceptibility to "Man in the Middle" attacks. This paper presents a model based on reverse engineering supported by bioinformatics algorithms to determine the data unit format and the location and lengths of the header fields. It was developed using progressive multiple sequence alignment, a method used in bioinformatics for the analysis of nucleotide and protein sequences. The contribution is the application of reverse engineering to communication protocols by analyzing raw packets automatically. Experimentation was performed on a sound covert channel on Android called SoundComm-CISEG. In the test, the proposed model correctly identified 5 fixed fields and 2 dynamic fields, and obtained 96% precision and 95% recall. © 2016 IEEE. |