Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents

Speaker: MarĂ­a Leonor Pacheco and Max von Hippel , Purdue and Northeastern

Date: Wednesday, April 06, 2022

Time: 3:00 PM to 4:00 PM Note: all times are in the Eastern Time Zone

Public: Yes


Event Type: Seminar

Room Description:

Host: Srini Devadas, CSAIL

Contact: Kyle L Hogan,

Relevant URL:

Speaker URL: None

Speaker Photo:

Reminders to:,,

Reminder Subject: TALK: Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents

Automated attack discovery techniques, such as attacker synthesis or model-based fuzzing, provide powerful ways to ensure network protocols operate correctly and securely. Such techniques, in general, require a formal representation of the protocol, often in the form of a finite state machine (FSM). Unfortunately, many protocols are only described in English prose, and implementing even a simple network protocol as an FSM is time-consuming and prone to subtle logical errors. Automatically extracting protocol FSMs from documentation can significantly contribute to increased use of these techniques and result in more robust and secure protocol implementations.

In this work we focus on attacker synthesis as a representative technique for protocol security, and on RFCs as a representative format for protocol prose description. Unlike other works that rely on rule-based approaches or use off-the-shelf NLP tools directly, we suggest a data-driven approach for extracting FSMs from RFC documents. Specifically, we use a hybrid approach consisting of three key steps: (1) large-scale word-representation learning for technical language, (2) focused zero-shot learning for mapping protocol text to a protocol-independent information language, and (3) rule-based mapping from protocol-independent information to a specific protocol FSM. We show the generalizability of our FSM extraction by using the RFCs for six different protocols: BGPv4, DCCP, LTP, PPTP, SCTP and TCP. We demonstrate how automated extraction of an FSM from an RFC can be applied to the synthesis of attacks, with TCP and DCCP as case-studies. Our approach shows that it is possible to automate attacker synthesis against protocols by using textual specifications such as RFCs.

Zoom Info:

Join Zoom Meeting

Password: <3security

One tap mobile
+16465588656,,97527284254# US (New York)
+16699006833,,97527284254# US (San Jose)

Meeting ID: 975 2728 4254

US : +1 646 558 8656 or +1 669 900 6833

International Numbers:

Join by SIP

Join by Skype for Business

Research Areas:
Security & Cryptography, Systems & Networking

Impact Areas:

See other events that are part of the CSAIL Security Seminar Series 2022-2023.

Created by Kyle L Hogan Email at Friday, April 01, 2022 at 3:00 PM.