{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T19:14:45Z","timestamp":1776885285353,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":78,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3616614","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"1287-1301","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":14,"title":["Lifting Network Protocol Implementation to Precise Format Specification with Security Applications"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8297-8998","authenticated-orcid":false,"given":"Qingkai","family":"Shi","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-6905-3463","authenticated-orcid":false,"given":"Junyang","family":"Shao","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7232-0650","authenticated-orcid":false,"given":"Yapeng","family":"Ye","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-6032-6045","authenticated-orcid":false,"given":"Mingwei","family":"Zheng","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9544-2500","authenticated-orcid":false,"given":"Xiangyu","family":"Zhang","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. 2018 IBM X-Force Report. https:\/\/securityintelligence.com\/2018-ibm-x-force-report-shellshock-fades-gozi-rises-and-insider-threats-soar\/. (2018)."},{"key":"e_1_3_2_1_2_1","unstructured":"2022. Documents of OSDP. https:\/\/libosdp.gotomain.io\/. (2022)."},{"key":"e_1_3_2_1_3_1","unstructured":"2022. The FRRouting protocol suite. https:\/\/github.com\/FRRouting\/frr. (2022)."},{"key":"e_1_3_2_1_4_1","unstructured":"2022. The IETF QUIC protocol. https:\/\/github.com\/ngtcp2\/ngtcp2. (2022)."},{"key":"e_1_3_2_1_5_1","unstructured":"2022. Implementation of OSDP. https:\/\/github.com\/goToMain\/libosdp. (2022)."},{"key":"e_1_3_2_1_6_1","unstructured":"2022. A lightweight TCPIP stack. https:\/\/github.com\/lwip-tcpip\/lwip. (2022)."},{"key":"e_1_3_2_1_7_1","unstructured":"2022. Linux kernel source tree. https:\/\/github.com\/torvalds\/linux. (2022)."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. A modern source server query protocol library written in C. https:\/\/github. com\/BinaryAlien\/libssq. (2022)."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. Network forensics tools and datasets. https:\/\/github.com\/ MartinaZembjakova\/Network-forensic-tools-taxonomy. (2022)."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. Network intrution & prevention systems. https:\/\/www.snort.org\/. (2022)."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. Network protocol fuzzing. https:\/\/github.com\/jtpereyda\/boofuzz. (2022)."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. Packet captures. https:\/\/packetlife.net\/captures. (2022)."},{"key":"e_1_3_2_1_13_1","unstructured":"2022. A pure-python fully automated and unattended fuzzing framework. https: \/\/github.com\/OpenRCE\/sulley. (2022)."},{"key":"e_1_3_2_1_14_1","unstructured":"2022. Smart card tools. https:\/\/github.com\/OpenSC\/OpenSC. (2022)."},{"key":"e_1_3_2_1_15_1","unstructured":"2022. Wireshark. https:\/\/www.wireshark.org\/\/. (2022)."},{"key":"e_1_3_2_1_16_1","unstructured":"2023. American fuzzy lop. https:\/\/lcamtuf.coredump.cx\/afl\/. (2023)."},{"key":"e_1_3_2_1_17_1","unstructured":"2023. Lifting network implementation to precise format specification. https: \/\/github.com\/qingkaishi\/netlifter. (2023)."},{"key":"e_1_3_2_1_18_1","unstructured":"2023. Top-down parsing. https:\/\/wikipedia.org\/wiki\/Top-down_parsing. (2023)."},{"key":"e_1_3_2_1_19_1","volume-title":"Ullman","author":"Aho Alfred V.","year":"2007","unstructured":"Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. 2007. Compilers: Principles, Techniques, and Tools. Pearson Addison Wesley."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2011.28"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00165-012-0269-9"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062349"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA360973"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080123"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111037.1111043"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653737"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315286"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI '08)","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, Dawson R. Engler, et al. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI '08). USENIX, 209--224."},{"key":"e_1_3_2_1_29_1","volume-title":"Inference and Analysis of Formal Models of Botnet Command and Control Protocols. In ACM Conference on Computer and Communications Security (CCS '10)","author":"Cho Chia Yuan","year":"2010","unstructured":"Chia Yuan Cho, Domagoj Babi\u0107, Eui Chul Richard Shin, and Dawn Song. 2010. Inference and Analysis of Formal Models of Botnet Command and Control Protocols. In ACM Conference on Computer and Communications Security (CCS '10). ACM, 426--439."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.14"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/567752.567778"},{"key":"e_1_3_2_1_32_1","unstructured":"Dave Crocker and Paul Overell. 1997. Augmented BNF for syntax specifications: ABNF. Technical Report. RFC 2234."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium (Security '07)","author":"Cui Weidong","year":"2007","unstructured":"Weidong Cui, Jayanthkumar Kannan, and Helen Wang. 2007. Discoverer: Automatic protocol reverse engineering from network traces. In USENIX Security Symposium (Security '07). USENIX, 199--212."},{"key":"e_1_3_2_1_34_1","volume-title":"Network and Distributed System Security Symposium (NDSS '06)","author":"Cui Weidong","year":"2006","unstructured":"Weidong Cui, Vern Paxson, Nicholas Weaver, and Randy H Katz. 2006. Protocol-independent adaptive replay of application dialog.. In Network and Distributed System Security Symposium (NDSS '06). Internet Society, 1--15."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455820"},{"key":"e_1_3_2_1_36_1","volume-title":"ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '89)","author":"Cytron Ron","unstructured":"Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark N. Wegman, and F. Kenneth Zadeck. 1989. An efficient method of computing static single assignment form. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '89). ACM, 25--35."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_3_2_1_38_1","volume-title":"Protocol State Fuzzing of TLS Implementations. In USENIX Security Symposium (Security '15)","author":"Ruiter Joeri De","year":"2015","unstructured":"Joeri De Ruiter and Erik Poll. 2015. Protocol State Fuzzing of TLS Implementations. In USENIX Security Symposium (Security '15). USENIX, 193--206."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/646153.679523"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0289-8"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28865-9_18"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3409679"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970321"},{"key":"e_1_3_2_1_44_1","volume-title":"USENIX Security Symposium (Security '22)","author":"Jabiyev Bahruz","year":"2022","unstructured":"Bahruz Jabiyev, Steven Sprecher, Anthony Gavazzi, Tommaso Innocenti, Kaan Onarlioglu, and Engin Kirda. 2022. FRAMESHIFTER: Security Implications of HTTP\/2-to-HTTP\/1 Conversion Anomalies. In USENIX Security Symposium (Security '22). USENIX, 1061--1075."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_46_1","volume-title":"USENIX Workshop on Offensive Technologies (WOOT '18)","author":"Kleber Stephan","year":"2018","unstructured":"Stephan Kleber, Henning Kopp, and Frank Kargl. 2018. NEMESYS: Network message syntax reverse engineering by analysis of the intrinsic structure of individual messages. In USENIX Workshop on Offensive Technologies (WOOT '18). USENIX, 1--13."},{"key":"e_1_3_2_1_47_1","volume-title":"IEEE Conference on Computer Communications (INFOCOM '20)","author":"Kleber Stephan","unstructured":"Stephan Kleber, Rens W. van der Heijden, and Frank Kargl. 2020. Message Type Identification of Binary Network Protocols using Continuous Segment Similarity. In IEEE Conference on Computer Communications (INFOCOM '20). IEEE, 2243--2252."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23318"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29178-4_2"},{"key":"e_1_3_2_1_50_1","first-page":"1","article-title":"LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the 2nd International Symposium on Code Generation and Optimization (CGO '04)","volume":"75","author":"Lattner Chris","year":"2004","unstructured":"Chris Lattner and Vikram Adve. 2004. LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the 2nd International Symposium on Code Generation and Optimization (CGO '04). IEEE, 75:1--75:12.","journal-title":"IEEE"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.49"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/CIS.2011.156"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2006.29"},{"key":"e_1_3_2_1_54_1","volume-title":"Network and Distributed System Security Symposium (NDSS '08)","author":"Lin Zhiqiang","year":"2008","unstructured":"Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, and Xiangyu Zhang. 2008. Automatic protocol format reverse engineering through context-aware monitored execution. In Network and Distributed System Security Symposium (NDSS '08). Internet Society, 1--15."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2009.54"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/EIDWT.2013.71"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2013.01.013"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3559365"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00121"},{"key":"e_1_3_2_1_60_1","volume-title":"Proceedings of the 1st USENIX Symposium on Networked Systems Design and Implementation (NSDI '04)","author":"Musuvathi Madanlal","year":"2004","unstructured":"Madanlal Musuvathi, Dawson R Engler, et al. 2004. Model Checking Large Network Protocol Implementations. In Proceedings of the 1st USENIX Symposium on Networked Systems Design and Implementation (NSDI '04). USENIX, 1--14."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2840724"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.55"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.06.005"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.21236\/ADA538843"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2007.6"},{"key":"e_1_3_2_1_66_1","volume-title":"Lifting Network Protocol Implementation to Precise Format Specification with Security Applications. arXiv preprint arXiv:2305.11781","author":"Shi Qingkai","year":"2023","unstructured":"Qingkai Shi, Junyang Shao, Yapeng Ye, Mingwei Zheng, and Xiangyu Zhang. 2023. Lifting Network Protocol Implementation to Precise Format Specification with Security Applications. arXiv preprint arXiv:2305.11781 (2023)."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/8370341"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25318-8_14"},{"key":"e_1_3_2_1_69_1","volume-title":"USENIX Security Symposium (Security '22)","author":"Wang Fei","year":"2022","unstructured":"Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. 2022. ProFactory: Improving IoT Security via Formalized Protocol Customization. In USENIX Security Symposium (Security '22). USENIX, 1--18."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/PDCAT.2011.25"},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2012.6459963"},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21554-4_1"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04444-1_13"},{"key":"e_1_3_2_1_75_1","volume-title":"Network and Distributed System Security Symposium (NDSS '08)","author":"Wondracek Gilbert","year":"2008","unstructured":"Gilbert Wondracek, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, and Scuola Superiore S Anna. 2008. Automatic network protocol analysis. In Network and Distributed System Security Symposium (NDSS '08). Internet Society, 1--18."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950340"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24531"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMA.2012.125"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616614","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3616614","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:43:02Z","timestamp":1755740582000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3616614"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":78,"alternative-id":["10.1145\/3576915.3616614","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3616614","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}