TY - EJOU
AU - Huang, Yuyao
AU - Shu, Hui
AU - Kang, Fei
TI - ProRE: A Protocol Message Structure Reconstruction Method Based on Execution Slice Embedding
T2 - Computers, Materials & Continua
PY - 2026
VL - 86
IS - 3
SN - 1546-2226
AB - Message structure reconstruction is a critical task in protocol reverse engineering, aiming to recover protocol field structures without access to source code. It enables important applications in network security, including malware analysis and protocol fuzzing. However, existing methods suffer from inaccurate field boundary delineation and lack hierarchical relationship recovery, resulting in imprecise and incomplete reconstructions. In this paper, we propose ProRE, a novel method for reconstructing protocol field structures based on program execution slice embedding. ProRE extracts code slices from protocol parsing at runtime, converts them into embedding vectors using a data flow-sensitive assembly language model, and performs hierarchical clustering to recover complete protocol field structures. Evaluation on two datasets containing 12 protocols shows that ProRE achieves an average F1 score of 0.85 and a cophenetic correlation coefficient of 0.189, improving by 19% and 0.126% respectively over state-of-the-art methods (including BinPRE, Tupni, Netlifter, and QwQ-32B-preview), demonstrating significant superiority in both accuracy and completeness of field structure recovery. Case studies further validate the effectiveness of ProRE in practical malware analysis scenarios.
KW - Protocol reverse engineering; program slicing; code embedding; hierarchical clustering
DO - 10.32604/cmc.2025.071552