| Approach, method, tool, or author | Protocols analyzed or reverse engineered | Text | Binary | Hybrid | Others (unknown/undocumented) |
| ScriptGen [29] | HTTP | NetBios | None | DCE | RolePlayer [30] | NFS, FTP, HTTP, SMTP, TFTP | DNS | SMB, CIFS | None | Ma et al. [31] | FTP, SMTP, HTTP, HTTPS (TCP-Protos) | DNS, NetBIOS, SrvLoc (UDP-Protos) | None | None | Boosting [32] | None | DNS | None | None | Dispatcher [6] | HTTP, FTP, ICQ | DNS | None | None | ASAP [33] | HTTP, FTP, IRC, TFTP | None | None | None | Dispatcher2 [34] | HTTP, FTP, ICQ | DNS | SMB | None | ProVeX [35] | HTTP, SMTP, IMAP | DNS, VoIP, XMPP | None | Malware Family Protocols | PIP [36] | HTTP | None | None | None | FieldHunter [37] | MSNP | DNS | None | SopCast, Ramnit | RS Cluster [38] | HTTPS, POP3, SMTP, FTP | DNS, XunLei, BitTorrent, BitSpirit, QQ, eMule | None | MSSQL, Kugoo, PPTV | UPCSS [39] | IMAP, HTTP, SMTP, FTP, POP3 | DNS, SSL, SSH | SMB | None | PowerShell [40] | None | ARP, OSPF, DHCP, STP | None | CDP/DTP/VTP, HSRP, LLDP, LLMNR, mDNS, NBNS, VRRP |
|
|