Automated Evasion Attacks and Fingerprinting Using Blackbox Differential Automata Learning

Explore a conference talk on SFADiff, an innovative approach to automated evasion attacks and fingerprinting using blackbox differential automata learning. Delve into the motivations behind evaluating web security products and the advantages of differential testing. Examine Symbolic Finite Automata (SFA) and the process of learning symbolic automata. Understand the concept of differential automata learning and its bootstrapping algorithm. Discover how to generate program fingerprints and construct fingerprint trees. Analyze the evaluation of the bootstrapping algorithm and its application in identifying differences in TCP/IP implementations, including a focus on the Mac OSX TCP/IP state machine. Gain valuable insights into this cutting-edge research presented at the 23rd ACM Conference on Computer and Communications Security.

Intro
Motivation
Evaluating Web Security Products
Why Differential Testing
Why not Differential Testing
Overview
Symbolic Finite Automata (SFA)
Learning Symbolic Automata
Why Differential Automata Learning
Bootstrapping SFA Learning
Difference Analysis
Generating Program Fingerprints
Fingerprint Tree
Evaluation Of Bootstrapping Algorithm
Differences in TCP/IP Implementations
Mac OSX TCP/IP State Machine
Conclusions