Security

Protocol-Independent Adaptive Replay of Application Dialog

Date Added: Jan 2011
Format: PDF

For many applications - including recognizing malware variants, determining the range of system versions vulnerable to a given attack, testing defense mechanisms, and filtering multi-step attacks - it can be highly useful to mimic an existing system while interacting with a live host on the network. The authors present RolePlayer, a system which, given examples of an application session, can mimic both the client side and the server side of the session for a wide variety of application protocols. A key property of RolePlayer is that it operates in an application-independent fashion: the system does not require any specifics about the particular application it mimics.