Experimental Assessment of the Complexity of Reverse Engineering a TCP/IP Server Using Neural Networks
Abstract
The paper addresses the problem of quantitative evaluation of the complexity of reverse engineering a binary TCP/IP server in the absence of source code and formal protocol specifications. A formalized model of the reverse engineering process is proposed, based on representing the analyzed software as a directed call graph and a set of functional components responsible for network message processing. An integral complexity metric is introduced that aggregates temporal, structural, and semantic parameters of the analysis. An experimental study of the influence of an assistive tool based on neural network function classification on the effort required for binary code analysis is conducted. The results show that preliminary structuring of the search space and prioritization of functions for detailed examination make it possible to reduce the total analysis time by approximately 30 % while maintaining a comparable level of completeness in protocol logic reconstruction. The scientific novelty of the work lies in the formalization of the complexity of the reverse engineering process of a network binary TCP/IP server, the introduction of an integral metric for analysis effort, and the experimental evaluation of the impact of neural network–based assistance on reducing structural and semantic uncertainty during the analysis of binary programs.
ISSN: 2307-8162