TY - GEN
T1 - Reverse engineering with bioinformatics algorithms over a sound android covert channel
AU - Razo, Sergio Ivan Vargas
AU - Anaya, Eleazar Aguirre
AU - Ambrosio, Ponciano Jorge Escamilla
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2017/3/28
Y1 - 2017/3/28
N2 - In the field of network protocols, Reverse Engineering is often used to identify both structural and functional features of a specific protocol implementation. The advantage of Reverse Engineering is that it enables the understanding of a specific protocol without prior knowledge. Obtaining a specification of a protocol can be advantageous for both the attacker and the defender. The defender can use Reverse Engineering by a "Tiger Team" to discover vulnerabilities and covert channels. Similarly, the attacker can use Reverse Engineering to identify weaknesses in the protocol, such as its propensity to "Man In the Middle" attacks. This paper presents a model based on reverse engineering supported by bioinformatics algorithms to determine the data unit format, location and header length fields. This was developed using progressive multiple sequence alignment, a method used in bioinformatics for the analysis of nucleotide and protein sequences. The contribution is the use of reverse engineering on communication protocols by analyzing raw packets automatically. Experimentation was performed on a sound covert channel on Android called SoundComm-CISEG. In the test, 5 fixed fields and 2 dynamic fields were correctly identified by the proposed model, and 96% precision and 95% recall were obtained.
AB - In the field of network protocols, Reverse Engineering is often used to identify both structural and functional features of a specific protocol implementation. The advantage of Reverse Engineering is that it enables the understanding of a specific protocol without prior knowledge. Obtaining a specification of a protocol can be advantageous for both the attacker and the defender. The defender can use Reverse Engineering by a "Tiger Team" to discover vulnerabilities and covert channels. Similarly, the attacker can use Reverse Engineering to identify weaknesses in the protocol, such as its propensity to "Man In the Middle" attacks. This paper presents a model based on reverse engineering supported by bioinformatics algorithms to determine the data unit format, location and header length fields. This was developed using progressive multiple sequence alignment, a method used in bioinformatics for the analysis of nucleotide and protein sequences. The contribution is the use of reverse engineering on communication protocols by analyzing raw packets automatically. Experimentation was performed on a sound covert channel on Android called SoundComm-CISEG. In the test, 5 fixed fields and 2 dynamic fields were correctly identified by the proposed model, and 96% precision and 95% recall were obtained.
UR - http://www.scopus.com/inward/record.url?scp=85018166518&partnerID=8YFLogxK
U2 - 10.1109/MALWARE.2016.7888724
DO - 10.1109/MALWARE.2016.7888724
M3 - Conference contribution
AN - SCOPUS:85018166518
T3 - 2016 11th International Conference on Malicious and Unwanted Software, MALWARE 2016
SP - 3
EP - 9
BT - 2016 11th International Conference on Malicious and Unwanted Software, MALWARE 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th International Conference on Malicious and Unwanted Software, MALWARE 2016
Y2 - 18 October 2016 through 21 October 2016
ER -