MULTI-SOURCE TRANSFER LEARNING AND FIELD EXTRACTION FOR CROSS-DOMAIN PROTOCOL REVERSE ENGINEERING

Protocol reverse engineering (PRE) is critical for network security but faces scalability challenges when analyzing diverse proprietary protocols. Traditional approaches require protocol-specific expertise and cannot leverage knowledge across protocols. This paper presents CrossPRE, a Transformer-based universal transfer learning framework that automatically learns protocol-agnostic representations for cross-domain protocol field boundary identification. Through extensive evaluation on nine widely-used protocols spanning industrial control and network domains, CrossPRE demonstrates substantial performance improvements over state-of-the-art methods including FieldHunter, Netplier, BinaryInferno, and Netzob. Our framework demonstrates remarkable knowledge transfer effectiveness, achieving substantial performance gains in challenging cross-protocol scenarios. Multi-source transfer learning further enhances adaptation, particularly for industrial protocols where structural similarities enable robust knowledge sharing. Cross-domain experiments confirm effective bidirectional transfer between protocol families, establishing a new paradigm for scalable protocol reverse engineering that reduces manual analysis effort while maintaining high accuracy.

Recommended citation: Xianwen Ling, Kun Zhang∗ and Rong Tong, Xiaohe Wu, Dianying Chen http://lingxianwen.github.io/files/Ling.pdf