关键词: 网络协议, 协议逆向工程, 有限状态机, 可执行程序

Abstract: Protocol reverse engineering is important to both trusted software verification，protection and malware analysis.Because of protocol’s complexity，it’s particularly helpful to reconstruct high-level model which is consistent with the protocol’s source code among which the Finite State Machine（FSM） model is the most widely used.This paper proposes an efficient method to reconstruct network protocol’s FSM model from the recorded transcripts and execution traces in protocol’s sessions via decompilation and enhanced formal analysis/verification techniques，resulting in state instances，transition relations and state-transition conditions in the FSM.As a result，a generic FSM model is reconstructed from execution trace instances with practical efficiency and provable soundeness.In addition to theoretical description，the engineering evaluation and application of this method is also discussed.

Key words: network protocol, protocol reverse engineering, Finite State Machine（FSM）, executable binary