An Investigation of Interaction and Information Needs for Protocol Reverse Engineering Automation

Abstract

Protocol reverse engineering (ProtocolREing) consists of taking streams of network data and inferring the communication protocol. ProtocolREing is a critical task in malware and system security analysis. Several ProtocolREing automation tools have been developed; however, in practice, they are not used because they offer limited interaction. Instead, reverse engineers (ProtocolREs) perform this task manually or use less complex visualization tools. To give ProtocolREs the power of more complex automation, we must first understand ProtocolREs' processes and their information and interaction needs in order to design better interfaces. We interviewed 16 ProtocolREs, presenting a paper prototype ProtocolREing automation interface, and asked them to discuss their approach to ProtocolREing while using the tool and to suggest missing information and interactions. We designed our prototype based on existing ProtocolREing tool features and prior reverse engineering research's usability guidelines. We found ProtocolREs follow a flexible, hypothesis-driven process and identified multiple information and interaction needs when validating the automation's inferences. We provide suggestions for future interaction design.

Award
Honorable Mention
Authors
Samantha Katcher
Tufts University, Medford, Massachusetts, United States
James A. Mattei
Tufts University, Medford, Massachusetts, United States
Jared Chandler
Dartmouth College, Hanover, New Hampshire, United States
Daniel Votipka
Tufts University, Medford, Massachusetts, United States
DOI

10.1145/3706598.3713630

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713630

Conference: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

Session: Programming and Interaction

G304
7 presentations
2025-05-01 18:00:00
2025-05-01 19:30:00