Integrating Flow and Program Analysis for Enhanced Protocol Reverse Engineering

The current protocol reversal framework comprises three key components: protocol message format extraction, protocol semantic analysis, and protocol state machine reasoning. Researchers have introduced various automated analysis methods, categorized into flow-based and program-based approaches. This paper focuses on the fundamental aspects of protocol reversal, specifically the extraction of protocol syntax, semantics, and synchronization information. An innovative approach is presented, combining both flow-based and program-based methods to propose a protocol message format extraction technique. This aims to fully leverage the strengths of both methods and enhance protocol reversal analysis technology. The integration of message parsing paths and byte memory propagation paths results in improved performance for protocol reversal analysis technology.