Manuel Leithner at ICTSS 2025

Name	SBA Research Cookie
Provider	SBA Research
Purpose	Saves the settings of the visitors selected in the cookie box.
Cookie name	sba-research-cookie
Cookie runtime	1 year

Name	YouTube
Provider	YouTube
Purpose	Used to unblock YouTube content.
Privacy policy	https://policies.google.com/privacy
Host(s)	google.com
Cookie name	NID
Cookie runtime	6 months

Name	Vimeo
Provider	Vimeo
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie runtime	2 years

September 25, 2025

Combinatorial Testing is a highly effective black-box testing method that combines small test sets with strong fault detection capabilities. However, faced with unknown file formats or network protocols, it requires a method to extract a model of possible parameters and values to use in its test cases.

At the 37th International Conference on Testing Software and Systems (IFIP-ICTSS 2025), Manuel Leithner, leader of DAMAST’s CST team and the MATRIS-RST team at University of Applied Sciences Salzburg, presented Reverse Engineering for Input Modeling: Input Parameter Model Inference from Network Traces, a significant step towards the applicability of Combinatorial Testing (CT) and Combinatorial Security Testing (CST) against implementations of closed-source and proprietary network protocols.

This work extends Netzob, a semi-automated protocol reverse engineering tool, with the capability to automatically infer input parameter models for CT/CST and translate resulting combinatorial test sets to concrete messages that can subsequently be transmitted via a network to test a protocol implementation. It was performed in cooperation with Dimitris Simos, who leads the Joint Professorship for Cyber Security at University of Salzburg and Salzburg University of Applied Sciences.

Abstract

Combinatorial testing is a model-based testing methodology that offers mathematical guarantees about the coverage of the input space of a system under test. At the same time, it aims to minimize the number of required test cases, leading to faster execution of test sets. However, input parameter models are often not available in real-world settings; they require significant investment to create and maintain. For proprietary protocols, specifications are often not freely available at all. It thus seems prudent to enable practitioners to infer input parameter models from the system under test without relying on the availability of source code or detailed documentation. This work aims to allow testers, developers, and researchers to reverse engineer the format of unknown network protocols based on traffic traces, generate input parameter models suitable for use in combinatorial testing from this inferred specification, and translate abstract test sets represented by covering arrays to concrete messages that can subsequently be transmitted over the network. It is the first work to investigate the combination of protocol reverse engineering with automated input parameter modeling for combinatorial testing.

Links

Paper
Conference
DAMAST Research Group

News