Learning Fragments of the TCP Network Protocol

  • Conference paper
Formal Methods for Industrial Critical Systems (FMICS 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8718)

Abstract

We apply automata learning techniques to learn fragments of the TCP network protocol by observing its external behaviour. We show that different implementations of TCP in Windows 8 and Ubuntu induce different automata models, thus allowing for fingerprinting of these implementations. In order to infer our models we use the notion of a mapper component introduced by Aarts, Jonsson and Uijen, which abstracts the large number of possible TCP packets into a limited number of abstract actions that can be handled by the regular inference tool LearnLib. Inspection of the learned models reveals that both Windows 8 and Ubuntu 13.10 violate RFC 793.
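To make the mapper idea concrete, here is an added sketch (not code from the paper or its tooling) of a component that turns abstract inputs into concrete segments and concrete responses back into abstract outputs. The symbol names (`V`, `INV`, `FRESH`, `TIMEOUT`), the `Segment` class and the peer responses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers wrap at 32 bits

@dataclass
class Segment:
    flags: str  # constructed stand-in for a real packet, e.g. "SYN+ACK"
    seq: int
    ack: int

class Mapper:
    def __init__(self, learner_isn=1000):
        self.next_seq = learner_isn  # sequence number the learner should send next
        self.next_ack = 0            # sequence number expected next from the implementation

    def concretize(self, symbol):
        """Abstract input such as 'ACK(V,INV)' -> concrete Segment."""
        flags, params = symbol.rstrip(")").split("(")
        seq_ok, ack_ok = (p == "V" for p in params.split(","))
        seq = self.next_seq if seq_ok else (self.next_seq + 5000) % MOD
        ack = self.next_ack if ack_ok else (self.next_ack + 5000) % MOD
        if seq_ok and ("SYN" in flags or "FIN" in flags):
            self.next_seq = (self.next_seq + 1) % MOD  # SYN and FIN consume one number
        return Segment(flags, seq, ack)

    def abstract(self, seg):
        """Concrete response (or None for no reply) -> abstract output."""
        if seg is None:
            return "TIMEOUT"
        ack_abs = "V" if seg.ack == self.next_seq else "INV"
        if "SYN" in seg.flags:
            seq_abs = "FRESH"  # the implementation picked its own initial number
            self.next_ack = (seg.seq + 1) % MOD
        else:
            seq_abs = "V" if seg.seq == self.next_ack else "INV"
        return f"{seg.flags}({seq_abs},{ack_abs})"

def handshake_trace(server_isn):
    """Abstract trace of a handshake against a constructed, well-behaved peer."""
    m = Mapper()
    syn = m.concretize("SYN(V,V)")
    out = m.abstract(Segment("SYN+ACK", server_isn, (syn.seq + 1) % MOD))
    ack = m.concretize("ACK(V,V)")
    return [out, (ack.seq, ack.ack), m.abstract(None)]
```

Two peers that choose different initial sequence numbers yield the same abstract output, which is what keeps the alphabet small enough for a regular inference tool.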

References

  1. Aarts, F., de Ruiter, J., Poll, E.: Formal models of bank cards for free. In: Proceedings of the 4th International Workshop on Security Testing, SECTEST 2013, Luxembourg, March 22 (2013)

  2. Aarts, F., Heidarian, F., Kuppens, H., Olsen, P., Vaandrager, F.: Automata learning through counterexample guided abstraction refinement. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 10–27. Springer, Heidelberg (2012)

  3. Aarts, F., Jonsson, B., Uijen, J.: Generating models of infinite-state communication protocols using regular inference with abstraction. In: Petrenko, A., Simão, A., Maldonado, J.C. (eds.) ICTSS 2010. LNCS, vol. 6435, pp. 188–204. Springer, Heidelberg (2010); Full version available at https://pms.cs.ru.nl/iris-diglib/src/getContent.php?id=2013-Aarts-InferenceRegular

  4. Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)

  5. Buchler, M., Hossen, K., Mihancea, P.F., Minea, M., Groz, R., Oriat, C.: Model inference and security testing in the spacios project. In: 2014 Software Evolution Week - IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), pp. 411–414 (February 2014)

  6. Chalupar, G., Peherstorfer, S., Poll, E., de Ruiter, J.: Automated reverse engineering using lego, http://www.cs.ru.nl/~erikpoll/papers/legopaper.pdf

  7. Cho, C.Y., Babić, D., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols, New York, NY, USA (2010)

  8. Corelabs. Impacket, http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Impacket

  9. Corelabs. Pcapy, http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=tool&name=Pcapy

  10. Fiterau, P., Janssen, R.: Experimental learning setup for TCP, https://bitbucket.org/fiteraup/learning-tcp

  11. Hagerer, A., Hungar, H., Niese, O., Steffen, B.: Model generation by moderated regular extrapolation. In: Kutsche, R.-D., Weber, H. (eds.) FASE 2002. LNCS, vol. 2306, pp. 80–95. Springer, Heidelberg (2002)

  12. Howar, F., Steffen, B., Jonsson, B., Cassel, S.: Inferring canonical register automata. In: Kuncak, V., Rybalchenko, A. (eds.) VMCAI 2012. LNCS, vol. 7148, pp. 251–266. Springer, Heidelberg (2012)

  13. Merten, M., Steffen, B., Howar, F., Margaria, T.: Next generation LearnLib. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 220–223. Springer, Heidelberg (2011)

  14. Nmap, http://nmap.org/book/osdetect.html

  15. Padhye, J., Floyd, S.: On inferring TCP behavior. SIGCOMM Comput. Commun. Rev. 31(4), 287–298 (2001)

  16. Postel, J. (ed.): Transmission Control Protocol - DARPA Internet Program Protocol Specification, RFC 3261 (September 1981), http://www.ietf.org/rfc/rfc793.txt

  17. Raffelt, H., Steffen, B., Berg, T., Margaria, T.: LearnLib: a framework for extrapolating behavioral models. STTT 11(5), 393–407 (2009)

  18. Scapy, http://www.secdev.org/projects/scapy/

  19. Shahbaz, M., Groz, R.: Inferring mealy machines. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 207–222. Springer, Heidelberg (2009)

  20. SPaCIoS. Deliverable 2.2.1: Method for assessing and retrieving models (2013)

  21. Tijssen, M.: Automatic modeling of ssh implementations with state machine learning algorithms. Bachelor’s thesis, Radboud University Nijmegen (June 2014)

  22. Tomte, http://www.italia.cs.ru.nl/tomte/

  23. Ubuntu TCP header file, http://lxr.free-electrons.com/source/include/net/tcp.h

  24. How to modify the tcp/ip maximum retransmission time-out, http://support.microsoft.com/kb/170359

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Fiterău-Broştean, P., Janssen, R., Vaandrager, F. (2014). Learning Fragments of the TCP Network Protocol. In: Lang, F., Flammini, F. (eds) Formal Methods for Industrial Critical Systems. FMICS 2014. Lecture Notes in Computer Science, vol 8718. Springer, Cham. https://doi.org/10.1007/978-3-319-10702-8_6

  • DOI: https://doi.org/10.1007/978-3-319-10702-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10701-1

  • Online ISBN: 978-3-319-10702-8

  • eBook Packages: Computer Science (R0)