CITATION — REFERENCE ENTRY

Lifting Network Protocol Implementation to Precise Format Specification with Security Applications — ACM

Revision f1a4a1c4-e9a5-4f24-a034-c2223a7d5b9e · 3/30/2026, 9:12:22 AM UTC
Key
shi2023protocol
Authors
Shi, Qingkai; Shao, Junyang; Ye, Yapeng; Zheng, Mingwei; Zhang, Xiangyu
Issued
2023-11
Type
paper-conference
Publisher
ACM
Raw CSL JSON
{
  "DOI": "10.1145/3576915.3616614",
  "URL": "https://qingkaishi.github.io/public_pdfs/CCS23.pdf",
  "type": "paper-conference",
  "title": "Lifting Network Protocol Implementation to Precise Format Specification with Security Applications",
  "author": [
    {
      "given": "Qingkai",
      "family": "Shi"
    },
    {
      "given": "Junyang",
      "family": "Shao"
    },
    {
      "given": "Yapeng",
      "family": "Ye"
    },
    {
      "given": "Mingwei",
      "family": "Zheng"
    },
    {
      "given": "Xiangyu",
      "family": "Zhang"
    }
  ],
  "issued": {
    "date-parts": [
      [
        2023,
        11
      ]
    ]
  },
  "publisher": "ACM",
  "event-place": "Copenhagen, Denmark",
  "event-title": "ACM SIGSAC Conference on Computer and Communications Security (CCS '23)"
}

Claims

  1. Existing protocol format inference techniques almost all rely on dynamic analysis driven by a limited number of network packets; if a feature is not present in the input packets, it will be missed in the resulting formats.
    "existing format-inference techniques often miss many formats, because almost all of them are in a fashion of dynamic analysis and rely on a limited number of network packets to drive their analysis. If a feature is not present in the input packets, the feature will be missed in the resulting formats."
    Locator: section: Abstract · Quote language: en
  2. Protocol lifting via static analysis using the abstract format graph achieves >95% precision and recall in inferring protocol formats in under one minute, and substantially enhances protocol fuzzers, improving code coverage by 20–260% and discovering 53 zero-day vulnerabilities with 47 assigned CVEs.
    "Our evaluation shows that we can infer formats for a protocol in one minute with >95% precision and recall, much better than four baseline techniques. Our inferred formats can substantially enhance existing protocol fuzzers, improving the coverage by 20% to 260% and discovering 53 zero-days with 47 assigned CVEs."
    Locator: section: Abstract · Quote language: en