Topic of Presentation: Discovery and visualization of network protocols with tools for biological sequence alignment
Abstract: Of the many software testing techniques, fuzzing is one of the most easily understood. Zero-knowledge fuzzing may be carried out even by a beginning tester to the point of isolating malicious input. On the other hand, the probability of finding bugs in the processing software was reported to increase with the amount of knowledge applied to the fuzzing process. However, this involves some preparation and – in the case of proprietary protocols – requires reverse engineering to be applied.
Reverse engineering of network protocols or file formats for improving fuzzing can be a tedious and difficult task without suitable tools. Many test cases need to be compared, but there are no general tools that allow “diffing” and visualizing multiple byte sequences.
Comparing and aligning multiple sequences is one of the basic tools in bioinformatics. Algorithms for multiple sequence alignment are already quite mature and optimized. Great tools for visualization are also available.
We employ freely available bioinformatics software to help in reverse engineering work. In addition to aligning available sequences (byte streams) we also visualize dependencies between them, e.g. as phylogenetic trees. Practical uses include classification of unknown network packets (a plugin for a network analyzer – Wireshark) and preparing file format descriptions for fuzzers (Peach Fuzzing Platform).
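The idea of aligning byte streams to expose protocol fields, shown as an added example that is not taken from the presentation or its tools: a pairwise Needleman-Wunsch global alignment stands in for the multiple sequence alignment software the abstract refers to. The two messages, the hypothetical field layout and the scoring values are constructed assumptions.

```python
# Added example: pairwise Needleman-Wunsch over bytes, a simplified stand-in
# for multiple sequence alignment. Scoring values are assumptions.
MATCH, MISMATCH, GAP = 2, -1, -2

def sub(x, y):
    return MATCH if x == y else MISMATCH

def align(a: bytes, b: bytes):
    """Global alignment; returns two equal-length rows of int or None (gap)."""
    n, m = len(a), len(b)
    s = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        s[i][0] = i * GAP
    for j in range(1, m + 1):
        s[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            s[i][j] = max(s[i-1][j-1] + sub(a[i-1], b[j-1]),
                          s[i-1][j] + GAP, s[i][j-1] + GAP)
    row_a, row_b, i, j = [], [], n, m
    while i > 0 or j > 0:  # trace back from the bottom-right cell
        if i > 0 and j > 0 and s[i][j] == s[i-1][j-1] + sub(a[i-1], b[j-1]):
            row_a.append(a[i-1]); row_b.append(b[j-1]); i, j = i - 1, j - 1
        elif i > 0 and s[i][j] == s[i-1][j] + GAP:
            row_a.append(a[i-1]); row_b.append(None); i -= 1
        else:
            row_a.append(None); row_b.append(b[j-1]); j -= 1
    return row_a[::-1], row_b[::-1]

def render(row):
    return " ".join("--" if x is None else f"{x:02x}" for x in row)

def conservation(row_a, row_b):
    """Per column: '*' identical byte, '.' differing byte, ' ' gap."""
    return "".join("*" if x == y else " " if None in (x, y) else "."
                   for x, y in zip(row_a, row_b))

# Constructed messages of a hypothetical protocol:
# magic(3) | type(1) | length(1) | payload | trailer(1)
MSG1 = b"PK\x01" + b"\x10" + b"\x03" + b"abc" + b"\xff"
MSG2 = b"PK\x01" + b"\x20" + b"\x05" + b"abcde" + b"\xff"

if __name__ == "__main__":
    ra, rb = align(MSG1, MSG2)
    print(render(ra)); print(render(rb))
    print("  ".join(conservation(ra, rb)))
```

Conserved columns point to constant fields such as a magic value or trailer, differing columns to type or length fields, and gaps to variable-length data, which is the kind of structure a fuzzer's format description needs.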