Protocol reverse-Engineering Methods and Tools: A Survey

Abstract The widespread utilization of network protocols raises many security and privacy concerns. To address them, protocol reverse-engineering (PRE) has been broadly applied in diverse domains, such as network management, security validation, and software analysis, by mining protocol specifications. This paper surveys the existing PRE methods and tools, which are based on network trace (NetT) or execution trace (ExeT), according to features representation. The feature-based protocol classification is proposed for the first time in literature to describe and compare different tools more clearly from a new perspective and to inspire crossover approaches in future works. We analyze the rationale, genealogy, contributions, and properties of 74 representative PRE methods/tools developed since 2004. In addition, we extend the general process of the PRE from a feature perspective and provide a detailed evaluation of the well-known methods/tools. Finally, we highlight the open issues and future research directions.