“Efficient Updating of a Network-Protocol-Model with Message-Format Refinements,” Bachelor's or Master's thesis, S. Kleber (Supervisor), F. Kargl (Examiner), Institute of Distributed Systems, Ulm University, 2019 – Open
Security assessments of networked systems require knowledge about the communication protocol in use. For proprietary protocols without a known specification and with only limited access to the end-points, the only source of information is the communication itself. To derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained from recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information that can be inferred from the new trace.