Abstract: As for the problem of mining unknown protocol specifications in the research fields of network security, this paper proposes the formal definition of research problem and divides the current research into two layers according to the scope of specification：format, semantic mining in packets and behavior mining among packets. It discusses current technologies, evaluations and application scenarios in the two research layers. It summarizes future research trends based on the disadvantages of current solutions and requirements of application.

Key words: protocol specification, reverse engineering, packet format, behavior modeling, grammatical inference, automation learning

摘要： 针对网络安全领域中的协议规范挖掘问题，通过对近十年相关文献的研究，将此问题进行了规范的形式化定义，根据协议规范的作用域将其分为两个层面：报文内部的格式、语义规范挖掘与报文之间的协议行为规范挖掘。针对每个层面研究中涉及到的方法与技术，给出了概要的分析介绍、评价及应用场景。针对目前研究的不足与应用需求，对整个协议规范挖掘的研究趋势进行了展望。

关键词: 协议规范, 逆向工程, 报文格式, 行为建模, 文法推断, 自动机学习