How far an evolutionary approach can go for protocol state analysis and discovery

Securing todays computer networks requires numerous technologies to constantly be developed, refined and challenged. One area of research aiding in this process is that of protocol analysis, the study of the methods with which networks communicate. Our specific area of interest, the interaction with different protocol implementations, is a crucial component of this domain. Our work aims to identify and highlight a protocols states and state transitions, while minimizing the required a priori knowledge known about the protocol and its different versions (implementations). To this end, our approach uses a Genetic Programming (GP) based technique in order to analyze a client or a server of a given protocol via interacting with it with minimum a priori information. We evaluate our system against another well-known system from the literature on two different protocols, namely Dynamic Host Configuration Protocol (DHCP) and File Transfer Protocol (FTP). We measure the performances of these two systems in terms of the similarities and differences seen in the state diagrams produced for the protocols under testing. Results show that, by using our approach, it is possible to identify the different versions of a given protocol.