Security and Communication Networks

Review Article

A Survey of Automatic Protocol Reverse Engineering Approaches, Methods, and Tools on the Inputs and Outputs View

Four divisions of reverse engineered or analyzed protocols by approaches that do not directly focus on reverse engineering PFs or PFSMs.


Approach, method, tool, or author	Protocols analyzed or reverse engineered
Approach, method, tool, or author	Text	Binary	Hybrid	Others (unknown/undocumented)

ScriptGen [29]	HTTP	NetBios	None	DCE
RolePlayer [30]	NFS, FTP, HTTP, SMTP, TFTP	DNS	SMB, CIFS	None
Ma et al. [31]	FTP, SMTP, HTTP, HTTPS (TCP-Protos)	DNS, NetBIOS, SrvLoc (UDP-Protos)	None	None
Boosting [32]	None	DNS	None	None
Dispatcher [6]	HTTP, FTP, ICQ	DNS	None	None
ASAP [33]	HTTP, FTP, IRC, TFTP	None	None	None
Dispatcher2 [34]	HTTP, FTP, ICQ	DNS	SMB	None
ProVeX [35]	HTTP, SMTP, IMAP	DNS, VoIP, XMPP	None	Malware Family Protocols
PIP [36]	HTTP	None	None	None
FieldHunter [37]	MSNP	DNS	None	SopCast, Ramnit
RS Cluster [38]	HTTPS, POP3, SMTP, FTP	DNS, XunLei, BitTorrent, BitSpirit, QQ, eMule	None	MSSQL, Kugoo, PPTV
UPCSS [39]	IMAP, HTTP, SMTP, FTP, POP3	DNS, SSL, SSH	SMB	None
PowerShell [40]	None	ARP, OSPF, DHCP, STP	None	CDP/DTP/VTP, HSRP, LLDP, LLMNR, mDNS, NBNS, VRRP