CS researchers Prof. Orna Grumberg, Dr. Gabi Nakibly and
student Ron Marcovich developed an automatic method for deriving a
communication protocol from an executable (binary) file that implements it. The work
was done as part of the thesis of Marcovich, who is studying for a master's
degree at the faculty.
Deriving a communication protocol is an important and very useful process in the
cyber field. Researchers are interested in deriving communication protocols in
order to search for weaknesses and backdoors, as well as
to analyze the operation of malware controlled remotely by an attacker.
This work is often done manually by a researcher in a long and complicated
process that takes a lot of time. As part of the research, the PISE tool was
developed. It implements the algorithm we developed throughout the research
and uses ideas such as symbolic execution and machine learning to learn the
state machine of the protocol as well as its different types of messages.
The research was presented last week
at the prestigious cyber conference
USA 2022, where the tool, its purpose and how it works were presented.