Description
With a growing number of IoT devices comes a growing number of vulnerable devices with undocumented protocols. Model-based fuzzing makes it possible to find such vulnerabilities in devices where access to the targeted software is limited. Automatic Protocol Reverse Engineering (APRE) saves time and labor when obtaining a protocol model for fuzzing unknown protocols. There are many approaches to APRE, but comparing them is difficult. In this thesis, we present a method for comparing APRE approaches. This makes it possible to choose the best fuzzer for a specific application. Our analysis of the relation between model quality and fuzzing quality indicates that there is not always a relation between model quality and fuzzing performance. We show that statistical values can predict the model quality in some cases. These values can help in choosing among APRE approaches for unknown protocols.