The ability to automatically reverse engineer application-level protocols and file format specifications has become more important recently because of growing concern for network and system security. The availability of such application-level protocol and file format specification information gives security applications, such as firewalls or intrusion detection systems, the context of a network communication or file parsing session, which is important for accurately detecting or preventing intrusions. The ability to automatically reverse engineer application-level protocols and file format specifications alleviates the time-consuming and error-prone manual reverse engineering operation and provides tools to effectively combat contemporary security threats.
Most of the current efforts in reverse engineering of input formats of application-level protocols and file format specifications involve a manual operation. The time involved in accomplishing this task can sometimes be measured in years and this effort may prove unfeasible if the application-level protocol or file format changes faster than engineers can complete the reverse engineering. Existing technology that attempts to automatically reverse engineer application-level protocols and file format specifications also falls short of current market demands. Current tools for automatically reverse engineering protocols are limited to network protocols utilizing a network trace and are limited by the information available in the network trace. Consequently, binary fields and repetitive elements are difficult to identify.
The increase in interest in network and system security, combined with a greater sophistication in application-level protocols and file specification formats, has created a market demand for a system capable of automatically reverse engineering application-level protocols and file format specifications for areas other than network protocols. In addition to the security uses referenced above, the results obtained from the reverse engineering are also valuable for network management applications and Generic Protocol Analyzers.