, TreeConnectResponse_0 Figure 12.2 ? Inferred state machine of the Samba protocol (self-state transitions triggering an empty symbol and reaction time labels are removed for sake of clarity)
, 31 traffic generated by a host infected by, p.32
, 37 message can be split into words that are related to tokens, p.37
, SynC protocol. 15 CAP Common Alerting Protocol, p.34
, Abstract syntax notation one (asn.1) -specification of basic notation, 2002.
, Generating models of infinite-state communication protocols using regular inference with abstraction, Proceedings of the 22nd IFIP WG 6.1 international conference on Testing software and systems, ICTSS'10, pp.188-204, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00767416
, Protocol specification and automatic implementation using xml and cbse, Proc of the International Conference on Communications, Internet and Infomation technology, 2003.
, New reverse engineering technique using api hooking and sysenter hooking, and capturing of cash card access, Black Hat Asia, 2008.
, An intuitive explanation of cw bandwidth
, An analysis of the zeus peer-to-peer protocol, 2013.
, Learning regular sets from queries and counterexamples, Information and Computation, vol.75, issue.2, pp.87-106, 1987.
DOI : 10.1016/0890-5401(87)90052-6
, Pb vs thrift vs avro, 2012.
, Reverse Engineering of Protocols from Network Traces, 2011 18th Working Conference on Reverse Engineering, pp.169-178, 2011.
DOI : 10.1109/WCRE.2011.28
, Optimum and heuristic algorithms for an approach to finite state machine decomposition, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol.10, issue.3, pp.296-310, 2006.
DOI : 10.1109/43.67784
, A unified approach to the decomposition and re-decomposition of sequential machines, Conference proceedings on 27th ACM/IEEE design automation conference , DAC '90, pp.601-606, 1990.
DOI : 10.1145/123186.123414
, An Inside Look at Botnets, Malware Detection of Advances in Information Security, 2007.
DOI : 10.1007/978-0-387-44599-1_8
, Network protocol analysis using bioinformatics algorithms, Toorcon, 2004.
, Structure in Language: A Dynamic Perspective. Routledge Studies in Linguistics, 2008.
, Insights to Angluin's Learning, Electronic Notes in Theoretical Computer Science, vol.118, pp.3-18, 2005.
DOI : 10.1016/j.entcs.2004.12.015
, Inferring compact models of communication protocol entities In Leveraging Applications of Formal Methods, Verification, and Validation: Part I, number 6415 in Lecture Notes in Computer Science, pp.658-672, 2010.
, Some Problems in Sanitizing Network Data, 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'06), pp.307-312, 2006.
DOI : 10.1109/WETICE.2006.62
, Protocol specification for OSI, Computer Networks and ISDN Systems, vol.18, issue.3, pp.167-184, 1990.
DOI : 10.1016/0169-7552(90)90132-C
, Regular inference for communication protocol entities, 2008.
, Seven Years and One Day: Sketching the Evolution of Internet Traffic, IEEE INFOCOM 2009, The 28th Conference on Computer Communications, pp.711-719, 2009.
DOI : 10.1109/INFCOM.2009.5061979
URL : https://hal.archives-ouvertes.fr/ensl-00290756
, The future of protocol reversing and simulation applied on zeroaccess botnet, 29C3: 29th Chaos Communication Congress, 2012.
, Security evaluation of communication protocols in cc, 2012.
, Towards automated protocol reverse engineering using semantic information, Proceedings of the 9th ACM symposium on Information, computer and communications security, ASIA CCS '14, 2014.
DOI : 10.1145/2590296.2590346
URL : https://hal.archives-ouvertes.fr/hal-01009283
, Modelling to Simulate Botnet Command and Control Protocols for the Evaluation of Network Intrusion Detection Systems, 2011 Conference on Network and Information Systems Security, pp.1-8, 2011.
DOI : 10.1109/SAR-SSI.2011.5931397
URL : https://hal.archives-ouvertes.fr/hal-00658396
, How to play hooker, SSTIC, 2014.
, Dispatcher, Proceedings of the 16th ACM conference on Computer and communications security, CCS '09, 2009.
DOI : 10.1145/1653662.1653737
, Automatic protocol reverse-engineering: Message format extraction and field semantics inference, Computer Networks, vol.57, issue.2, pp.451-474, 2013.
DOI : 10.1016/j.comnet.2012.08.003
, Polyglot, Proceedings of the 14th ACM conference on Computer and communications security , CCS '07, 2007.
DOI : 10.1145/1315245.1315286
, Simple Network Management Protocol (SNMP), RFC, vol.1157, 1990.
, A validation model for the DSR protocol, 24th International Conference on Distributed Computing Systems Workshops, 2004. Proceedings., pp.768-773, 2004.
DOI : 10.1109/ICDCSW.2004.1284120
, Handbook of methods of applied statistics, Wiley series in probability and mathematical statistics, 1967.
, Using routers to build logic circuits: How powerful is BGP?, 2013 21st IEEE International Conference on Network Protocols (ICNP), 2013.
DOI : 10.1109/ICNP.2013.6733584
, Inference and analysis of formal models of botnet command and control protocols, Proceedings of the 17th ACM conference on Computer and communications security, CCS '10, pp.426-439, 2010.
, BotGAD, Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE '09, pp.1-2, 2009.
DOI : 10.1145/1621890.1621893
, Syntactic Structures. Mouton classic. Bod Third Party Titles, 2002.
, Three models for the description of language. Information Theory, IRE Transactions on, vol.2, issue.3, pp.113-124, 1956.
, Testing Software Design Modeled by Finite-State Machines, IEEE Transactions on Software Engineering, vol.4, issue.3
DOI : 10.1109/TSE.1978.231496
, Cuckoo sandbox open source automated malware analysis, Black Hat USA, 2013.
, Protocol specification extraction, Proceedings of SSP, 2009.
, Augmented BNF for Syntax Specifications: ABNF, RFCINTERNET STANDARD), vol.5234, 2008.
, Automatic protocol reverse engineering from network traces, Proceedings of USENIX Security Symposium, 2007.
, Protocol-independent adaptive replay of application dialog, The 13th Annual Network and Distributed System Security Symposium (NDSS, 2006.
, Decomposition and factorization of sequential finite state machines, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol.8, issue.11, pp.1206-1217, 2006.
DOI : 10.1109/43.41505
, Industrial networks for communication and control, 2003.
, Validation of Communications Systems with SDl. TransMeth Sud-Ouest, 2003.
, The use of attack trees in assessing vulnerabilities in scada systems, International Infrastructure Survivability Workshop, 2004.
, Anatomy of a botnet, 2013.
, Pip Near-term Architecture, RFCInformational), vol.1621, 1994.
DOI : 10.17487/rfc1621
, Hacking a closed ecosystem, O'Reilly Android Open Conference, 2011.
, Test selection based on finite state models, IEEE Transactions on Software Engineering, vol.17, issue.6, pp.591-603, 1991.
DOI : 10.1109/32.87284
, Consumer media capture: Time-based analysis and event clustering, 2003.
, Complexity of automaton identification from given data, Information and Control, vol.37, issue.3, pp.302-320, 1978.
, Bothunter: detecting malware infection through ids-driven dialog correlation, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp.1-12, 2007.
, UML for Real: Design of Embedded Real-time Systems, chapter Message Sequence Charts, p.1, 2003.
, Algebraic Structure Theory of Sequential Machines, 1966.
, Decomposition and functional verification of fsms, 1998.
, Extensions to FTP, RFC, vol.3659, 2007.
DOI : 10.17487/rfc3659
, Grammatical inference: learning automata and grammars Communicating sequential processes, 1985.
, Design and validation of computer protocols, 1991.
, Exploring the blackhole exploit kit, 2012.
, A model-based approach to security flaw detection of network protocol implementations, 2008 IEEE International Conference on Network Protocols, pp.114-123, 2008.
DOI : 10.1109/ICNP.2008.4697030
, Analysis and optimization of software model inference algorithms, 2012.
, Information processing systems ? OSI reference model, international standards organization, ISO, 1984.
, Internet Relay Chat: Architecture, RFC, vol.2810, 2000.
DOI : 10.17487/rfc2810
, Global internet report 2014, 2014.
, Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, RFC, vol.1422, 1993.
, Security Architecture for the Internet Protocol, RFC, vol.4301, 2005.
, Representation of Events in Nerve Nets and Finite Automata. Memorandum (Rand Corporation) Rand Corporation, 1951.
, Analysis of the train communication network protocol error detection capabilities. Working paper, 2001.
, Learning stateful models for network honeypots, Proceedings of the 5th ACM workshop on Security and artificial intelligence, AISec '12, 2012.
DOI : 10.1145/2381896.2381904
, ASAP: Automatic Semantics-Aware Analysis of Network Payloads, Proceedings of ECML/PKDD, 2011.
DOI : 10.1016/j.jss.2009.06.040
, Internet inter-domain traffic, SIGCOMM Comput. Commun. Rev, vol.41, issue.4, 2010.
DOI : 10.1145/1851182.1851194
, Faster algorithms for finding minimal consistent dfas, NEC Research Institute, 4 Independence Way, 1999.
, Algorithms for non-negative matrix factorization, NIPS, 2000.
, Generic String Encoding Rules (GSER) for ASN.1 Types, RFC, vol.3641, 2003.
DOI : 10.17487/rfc3641
, ScriptGen: an automated script generation tool for honeyd, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.
DOI : 10.1109/CSAC.2005.49
, Automatic protocol format reverse engineering through context-aware monitored execution, 15TH SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEM SECURITY (NDSS, 2008.
, An introduction to LOTOS: learning by examples, Computer Networks and ISDN Systems, vol.23, issue.5
DOI : 10.1016/0169-7552(92)90011-E
, Automated generation of protocol test sequences from formal specifications, Proceedings of ICNP, 1994 International Conference on Network Protocols, pp.72-79, 1994.
DOI : 10.1109/ICNP.1994.344374
, Modeling networking protocols to test intrusion detection systems, Proceedings of the 29th Annual IEEE International Conference on Local Computer Networks, LCN '04, pp.774-775, 2004.
, Specification and Verification of a Sliding Window Protocol in LOTOS, Formal Description Techniques, IV, volume C-2 of IFIP Transactions
DOI : 10.1016/B978-0-444-89402-1.50045-X
, Malware analysis report -new c&c protocol for zeroacess/siref, 2012.
, Communication and concurrency, 1989.
, Use and Interpretation of HTTP Version Numbers, RFC, vol.2145, 1997.
, A general method applicable to the search for similarities in the amino acid sequence of two proteins, Journal of Molecular Biology, vol.48, issue.3, pp.443-453, 1970.
, An Integrated Approach to Testing Complex Systems, Erlangung des Grades eines Doktors der Naturwissenschaften der Universitat Dortmund am Fachbereich Informatik, 2003.
, Machine learning based botnet detection, 2006.
, Technical overview, 2004.
, A helpful result for proving inherent ambiguity, Mathematical systems theory, pp.191-194, 1968.
DOI : 10.1007/BF01694004
, Estelle -a formal description technique based on an extended state transition model Internationnal Organisation for Standardisation, 1989.
, A high-level programming environment for packet trace anonymization and transformation, Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications , SIGCOMM '03, pp.339-351, 2003.
DOI : 10.1145/863955.863994
, State reduction in incompletely specified finite-state machines. Computers, IEEE Transactions, issue.12, pp.221099-1102, 1973.
, LearnLib, Proceedings of the 10th international workshop on Formal methods for industrial critical systems , FMICS '05, pp.62-71, 2005.
DOI : 10.1145/1081180.1081189
URL : https://hal.archives-ouvertes.fr/inria-00459959
, Detecting novel associations in large data sets, Science, issue.6062, pp.3341518-1524, 2011.
, Internet Message Format RFC 2822 (Proposed Standard), p.5336, 2001.
, Internet Message Format, RFC, vol.5322, 2008.
, Sally: A tool for embedding strings in vector spaces, Journal of Machine Learning Research, 2012.
, The evolution of tdl: conquering x64, 2011.
, Snort -lightweight intrusion detection for networks, Proceedings of the USENIX LISA'99 conference, pp.229-238, 1999.
, Vulnerabilities of network control protocols, ACM SIGCOMM Computer Communication Review, vol.11, issue.3, 1981.
DOI : 10.1145/1015591.1015592
, Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence, RFC, vol.6121, 2011.
, Ict facts and figures, 2013.
, The Three Generations of Field-Level Networks—Evolution and Compatibility Issues, IEEE Transactions on Industrial Electronics, vol.57, issue.11, 2010.
DOI : 10.1109/TIE.2010.2062473
, zeroaccess threat report, 2011.
, Static specification mining using automata-based abstractions, Proceedings of the 2007 international symposium on Software testing and analysis, ISSTA '07, pp.174-184, 2007.
DOI : 10.1145/1273463.1273487
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.154.9497
, Modeling LTE Protocol for Mobile Terminals Using a Formal Description Technique
DOI : 10.1007/978-3-642-74238-5
, The untold tale of database communication protocol vulnerabilities, BlackHat, 2007.
, A statistical method for evaluating systematic relationships, University of Kansas Scientific Bulletin, vol.28, pp.1409-1438, 1958.
, Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems, Computer Aided Verification, 2013.
DOI : 10.1007/978-3-642-39799-8_51
, Overbot, Proceedings of the 4th international conference on Security and privacy in communication netowrks, SecureComm '08, pp.1-13, 2008.
DOI : 10.1145/1460877.1460894
, Introduction to Active Automata Learning from a Practical Perspective, Formal Methods for Eternal Networked Software Systems, 2011.
DOI : 10.1007/978-3-642-21455-4_8
URL : https://hal.archives-ouvertes.fr/hal-00647729
, Inside the storm: Protocols and encryption of the storm botnet, Black Hat USA, 2008.
, Mathematics of Multisets, Proceedings of the Workshop on Multiset Processing: Multiset Processing, Mathematical, Computer Science, and Molecular Computing Points of View, pp.347-358, 2001.
DOI : 10.1007/3-540-45523-X_17
, Specification and validation of q.2931 atm signaling protocol using estelle
, Learning recursive automata from positive examples. Revue d'Intelligence Artificielle, pp.775-804, 2006.
URL : https://hal.archives-ouvertes.fr/inria-00470101
, waledac -threat analysis, 2009.
, Analysis on pbot ? a php irc bot that has malicious functions, 2012.
, Danfeng(Daphne) Yao, Yongzheng Zhang, and Li Guo. A semantics aware approach to automated reverse engineering unknown protocols, Proceedings of ICNP, 2012.
, Inferring Protocol State Machine from Network Traces: A Probabilistic Approach, Proceedings of ACNS, 2011.
DOI : 10.1002/9780470316801
, ReFormat: Automatic Reverse Engineering of Encrypted Messages, Proceedings of the 14th European Conference on Research in Computer Security, ESORICS'09, pp.200-215, 2009.
DOI : 10.1016/S1389-1286(99)00112-7
, Nine years of observing traffic anomalies: Trending analysis in backbone networks, Integrated Network Management 2013 IFIP/IEEE International Symposium on, pp.636-642, 2013.
, Automatic network protocol analysis, Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08, 2008.
, Automatically Generating Models for Botnet Detection, Proceedings of the 14th European conference on Research in computer security, ESORICS'09, pp.232-249, 2009.
DOI : 10.1007/978-3-540-70542-0_6
, Software component protocol inference, 2003.
, Sikuli, Proceedings of the 22nd annual ACM symposium on User interface software and technology, UIST '09, pp.183-192, 2009.
DOI : 10.1145/1622176.1622213
, Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map, RFC, vol.4510, 2006.
DOI : 10.17487/rfc4510