@article{MTMT:34564106, title = {On the Performance Evaluation of Protocol State Machine Reverse Engineering Methods}, url = {https://m2.mtmt.hu/api/publication/34564106}, author = {Ládi, Gergő and Holczer, Tamás}, doi = {10.24138/jcomss-2023-0149}, journal-iso = {J COMM SOFTW SYST}, journal = {JOURNAL OF COMMUNICATIONS SOFTWARE AND SYSTEMS}, volume = {20}, unique-id = {34564106}, issn = {1845-6421}, year = {2024}, pages = {76-87}, orcid-numbers = {Holczer, Tamás/0000-0003-0953-5397} } @article{MTMT:32707253, title = {Protocol State Machine Reverse Engineering with a Teaching-Learning Approach}, url = {https://m2.mtmt.hu/api/publication/32707253}, author = {Székely, Gábor and Ládi, Gergő and Holczer, Tamás and Buttyán, Levente}, doi = {10.14232/actacyb.288213}, journal-iso = {ACTA CYBERN-SZEGED}, journal = {ACTA CYBERNETICA}, volume = {25}, unique-id = {32707253}, issn = {0324-721X}, year = {2021}, eissn = {2676-993X}, pages = {517-535}, orcid-numbers = {Székely, Gábor/0000-0001-6148-3948; Holczer, Tamás/0000-0003-0953-5397} } @CONFERENCE{MTMT:31608017, title = {VIRTUALIZATION-ASSISTED TESTING OF NETWORK SECURITY SYSTEMS FOR NPPS}, url = {https://m2.mtmt.hu/api/publication/31608017}, author = {Holczer, Tamás and BERMAN, G. and DARRICADES, S. M. and GYÖRGY, P. and Ládi, Gergő}, booktitle = {International Conference on Nuclear Security: Sustaining and Strengthening Efforts}, unique-id = {31608017}, year = {2020}, pages = {1-10} } @article{MTMT:31604651, title = {GrAMeFFSI: Graph Analysis Based Message Format and Field Semantics Inference For Binary Protocols, Using Recorded Network Traffic}, url = {https://m2.mtmt.hu/api/publication/31604651}, author = {Ládi, Gergő and Buttyán, Levente and Holczer, Tamás}, doi = {10.36244/ICJ.2020.2.4}, journal-iso = {INFOCOMM J}, journal = {INFOCOMMUNICATIONS JOURNAL}, volume = {12}, unique-id = {31604651}, issn = {2061-2079}, abstract = {Protocol specifications describe the interaction between different entities by defining message formats and message processing rules. Having access to such protocol specifications is highly desirable for many tasks, including the analysis of botnets, building honeypots, defining network intrusion detection rules, and fuzz testing protocol implementations. Unfortunately, many protocols of interest are proprietary, and their specifications are not publicly available. Protocol reverse engineering is an approach to reconstruct the specifications of such closed protocols. Protocol reverse engineering can be tedious work if done manually, so prior research focused on automating the reverse engineering process as much as possible. Some approaches rely on access to the protocol implementation, but in many cases, the protocol implementation itself is not available or its license does not permit its use for reverse engineering purposes. Hence, in this paper, we focus on reverse engineering protocol specifications relying solely on recorded network traffic. More specifically, we propose GrAMeFFSI, a method based on graph analysis that can infer protocol message formats as well as certain field semantics for binary protocols from network traces. We demonstrate the usability of our approach by running it on packet captures of two known protocols, Modbus and MQTT, then comparing the inferred specifications to the official specifications of these protocols.}, year = {2020}, eissn = {2061-2125}, pages = {25-33}, orcid-numbers = {Holczer, Tamás/0000-0003-0953-5397} } @CONFERENCE{MTMT:31360878, title = {Towards Reverse Engineering Protocol State Machines}, url = {https://m2.mtmt.hu/api/publication/31360878}, author = {Székely, Gábor and Ládi, Gergő and Holczer, Tamás and Buttyán, Levente}, booktitle = {The 12th Conference of PhD Students in Computer Science}, unique-id = {31360878}, abstract = {In this work, we are addressing the problem of inferring the state machine of an unknown protocol. Our method is based on prior work on inferring Mealy machines. We require access to and interaction with a system that runs the unknown protocol, and we serve a state-of-the-art Mealy machine inference algorithm with appropriate input obtained from the system at hand. We implemented our method and illustrate its operation on a simple example protocol.}, year = {2020}, pages = {70-73} } @inproceedings{MTMT:30352812, title = {Message Format and Field Semantics Inference for Binary Protocols Using Recorded Network Traffic}, url = {https://m2.mtmt.hu/api/publication/30352812}, author = {Ládi, Gergő and Buttyán, Levente and Holczer, Tamás}, booktitle = {2018 26th International Conference on Software, Telecommunications and Computer Networks (SoftCOM)}, doi = {10.23919/SOFTCOM.2018.8555813}, unique-id = {30352812}, year = {2018}, orcid-numbers = {Holczer, Tamás/0000-0003-0953-5397} } @inproceedings{MTMT:3343530, title = {Semantics-Preserving Encryption for Computer Networking Related Data Types}, url = {https://m2.mtmt.hu/api/publication/3343530}, author = {Ládi, Gergő}, booktitle = {AIS 2017 - 12th International Symposium on Applied Informatics and Related Areas organized in the frame of Hungarian Science Festival 2017 by Óbuda University}, unique-id = {3343530}, year = {2017}, pages = {176-181} } @CONFERENCE{MTMT:3343528, title = {Transparent Encryption for Cloud-based Services}, url = {https://m2.mtmt.hu/api/publication/3343528}, author = {Ládi, Gergő}, booktitle = {Workshop on Information and Communication Technologies, Proceedings}, unique-id = {3343528}, year = {2017}, pages = {64-68} } @CONFERENCE{MTMT:3335077, title = {Transparent Encryption for Cloud-based Services}, url = {https://m2.mtmt.hu/api/publication/3335077}, author = {Ládi, Gergő}, booktitle = {Mesterpróba 2017: Tudományos konferencia végzős MSc és elsőéves PhD hallgatóknak Távközlés és infokommunikáció témakörében}, unique-id = {3335077}, abstract = {Transparent encryption is a method that involves encrypting data locally, on the user's computer, just before it is sent to cloud services to be stored, then decrypting said data later, straight after it is retrieved from the cloud service. All this takes place without having to alter the client application or the remote service (hence transparent). Applying this method ensures that even if the user's account or the provider itself is compromised, the attackers can only retrieve encrypted data that is useless without the encryption keys. This paper illustrates the design of a system that is capable of performing transparent encryption for various cloud-based services.}, year = {2017}, pages = {5-8} }