Unleashing the Power of LLM to Infer State Machine from the Protocol Implementation (2405.00393v4)

Published 1 May 2024 in cs.CR

Abstract: State machines are essential for enhancing protocol analysis to identify vulnerabilities. However, inferring state machines from network protocol implementations is challenging due to complex code syntax and semantics. Traditional dynamic analysis methods often miss critical state transitions due to limited coverage, while static analysis faces path explosion issues. To overcome these challenges, we introduce a novel state machine inference approach utilizing LLMs, named ProtocolGPT. This method employs retrieval-augmented generation to enhance a pre-trained model with specific knowledge from protocol implementations. Through effective prompt engineering, we accurately identify and infer state machines. To the best of our knowledge, our approach represents the first state machine inference that leverages the source code of protocol implementations. Our evaluation of six protocol implementations shows that our method achieves a precision of over 90%, outperforming the baselines by more than 30%. Furthermore, integrating our approach with protocol fuzzing improves coverage by more than 20% and uncovers two 0-day vulnerabilities compared to baseline methods.

