Automatically Complementing Protocol Specifications From Network Traces
Network servers can be tested for correctness against a specification of the protocol they implement. However, producing a protocol specification can be a time-consuming task. In addition, protocols are constantly evolving with new functionality and message formats that render previously defined specifications incomplete or deprecated. This paper presents a methodology to automatically complement an existing specification with extensions to the protocol by analyzing the contents of the messages in network traces. The approach can be used on top of existing protocol reverse engineering techniques, allowing it to be applied to both open and closed protocols.