Sensors & Transducers

Vol. 249, Issue 2, February 2021, pp. 72-92

P.-S. GREAU-HAMARD 1,2, M. DJOKO-KOUAM 1,2 and Y. LOUET 2

1 Informatics and Telecommunications Laboratory, ECAM Rennes Louis de Broglie, Campus de Ker-Lann, 2 Contour Antoine de Saint-Exupéry, 35170 Bruz, France

2 Signal, Communication, and Embedded Electronics (SCEE) team, Institute of Electronics and Telecommunications of Rennes (IETR) – UMR CNRS 6164, CentraleSupélec, Campus de Rennes, Avenue de la Boulaie, 35510 Cesson-Sévigné, France

E-mail: pierre-samuel.greau-hamard@ecam-rennes.com, moise.djoko-kouam@ecam-rennes.com, Yves.Louet@centralesupelec.fr

Received: 15 October 2020 / Accepted: 15 December 2020 / Published: 28 February 2021

Abstract: In the fast-developing world of telecommunications, it may prove useful to be able to analyse any protocol one comes across, even an unknown one. This requires recovering the protocol's state machine and frame format, which can be extracted from network and/or execution traces via Protocol Reverse Engineering (PRE). In this paper, we evaluate and compare the performance of three algorithms used in three different PRE systems from the literature: Aho-Corasick (AC), Variance of the Distribution of Variances (VDV), and Latent Dirichlet Allocation (LDA). To support this comparison, we propose a new, meaningful metric complementary to precision and recall: the fields detection ratio. We implemented and simulated these algorithms in an Internet of Things (IoT) context, more precisely on ZigBee Data Link Layer frames. The results obtained clearly show that the LDA algorithm outperforms AC and VDV.


Keywords: Protocol reverse engineering, AC, VDV, LDA, Performance comparison.
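The precise definitions of precision, recall and the fields detection ratio are given later in the paper. As a rough illustration only of the kind of scoring involved, the Python sketch below compares inferred field boundaries against reference ones; the fields detection ratio shown here uses a hypothetical definition (the share of true fields whose start and end boundaries are both recovered) and is not necessarily the definition adopted in this work.

# Illustrative sketch (hypothetical metric definition, not the paper's):
# scoring an inferred frame format against a reference one by comparing
# field boundary positions (byte offsets).

def evaluate_field_inference(true_boundaries, inferred_boundaries):
    """Return (precision, recall, fields_detection_ratio).

    Precision and recall are computed on boundary positions; the fields
    detection ratio counts a true field as detected only if both of its
    delimiting boundaries were inferred (assumed definition).
    """
    true_set = set(true_boundaries)
    inferred_set = set(inferred_boundaries)

    hits = true_set & inferred_set
    precision = len(hits) / len(inferred_set) if inferred_set else 0.0
    recall = len(hits) / len(true_set) if true_set else 0.0

    # A field spans two consecutive true boundaries.
    ordered = sorted(true_set)
    fields = list(zip(ordered, ordered[1:]))
    detected = sum(1 for start, end in fields
                   if start in inferred_set and end in inferred_set)
    fields_detection_ratio = detected / len(fields) if fields else 0.0

    return precision, recall, fields_detection_ratio


if __name__ == "__main__":
    # Toy example: true vs. inferred field boundaries of a short frame.
    true_b = [0, 2, 3, 5, 7, 11]
    inferred_b = [0, 2, 5, 7, 8, 11]
    print(evaluate_field_inference(true_b, inferred_b))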

___________________________________________________________________