Learning-Based Testing the Sliding Window Behavior of TCP Implementations

  • Paul Fiterău-BroşteanEmail author
  • Falk Howar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10471)


We develop a learning-based testing framework for register automaton models that can express the windowing behavior of TCP, thereby presenting the first significant application of register automata learning to realistic software for a class of automata with Boolean-arithmetic constraints over data values. We have applied our framework to TCP implementations belonging to different operating systems and have found a violation of the TCP specification in Linux and Windows. The violation has been confirmed by Linux developers.


  1. 1.
    Stewart, R., Ramaiah, A., Dalal, M.: Improving TCP’s Robustness to Blind In-Window Attacks. RFC 5961, August 2010Google Scholar
  2. 2.
    Aarts, F., Fiterau-Brostean, P., Kuppens, H., Vaandrager, F.: Learning register automata with fresh value generation. In: Leucker, M., Rueda, C., Valencia, F.D. (eds.) ICTAC 2015. LNCS, vol. 9399, pp. 165–183. Springer, Cham (2015). doi: 10.1007/978-3-319-25150-9_11 CrossRefGoogle Scholar
  3. 3.
    Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)CrossRefzbMATHMathSciNetGoogle Scholar
  4. 4.
    Berg, T., Grinchtein, O., Jonsson, B., Leucker, M., Raffelt, H., Steffen, B.: On the correspondence between conformance testing and regular inference. In: Cerioli, M. (ed.) FASE 2005. LNCS, vol. 3442, pp. 175–189. Springer, Heidelberg (2005). doi: 10.1007/978-3-540-31984-9_14 CrossRefGoogle Scholar
  5. 5.
    Cassel, S., Howar, F., Jonsson, B.: RALib: a LearnLib extension for inferring EFSMs. In: DIFTS 2015 (2015)Google Scholar
  6. 6.
    Cassel, S., Howar, F., Jonsson, B., Steffen, B.: Active learning for extended finite state machines. Formal Aspects Comput. 28(2), 233–263 (2016)CrossRefzbMATHMathSciNetGoogle Scholar
  7. 7.
    Fiterău-Broştean, P., Janssen, R., Vaandrager, F.: Learning fragments of the TCP network protocol. In: Lang, F., Flammini, F. (eds.) FMICS 2014. LNCS, vol. 8718, pp. 78–93. Springer, Cham (2014). doi: 10.1007/978-3-319-10702-8_6 Google Scholar
  8. 8.
    Fiterău-Broştean, P., Janssen, R., Vaandrager, F.: Combining model learning and model checking to analyze TCP implementations. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 454–471. Springer, Cham (2016). doi: 10.1007/978-3-319-41540-6_25 Google Scholar
  9. 9.
    Fiterău-Broştean, P., Lenaerts, T., de Ruiter, J., Poll, E., Vaandrager, F.W., Verleg, P.: Model learning and model checking of SSH implementations. In: SPIN Symposium (2017, to appear)Google Scholar
  10. 10.
    Hagerer, A., Hungar, H., Niese, O., Steffen, B.: Model generation by moderated regular extrapolation. In: Kutsche, R.-D., Weber, H. (eds.) FASE 2002. LNCS, vol. 2306, pp. 80–95. Springer, Heidelberg (2002). doi: 10.1007/3-540-45923-5_6 CrossRefGoogle Scholar
  11. 11.
    Koopman, P., Achten, P., Plasmeijer, R.: Model-based shrinking for state-based testing. In: McCarthy, J. (ed.) TFP 2013. LNCS, vol. 8322, pp. 107–124. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-45340-3_7 CrossRefGoogle Scholar
  12. 12.
    Meinke, K., Sindhu, M.A.: Lbtest: a learning-based testing tool for reactive systems. In: ICST 2013, pp. 447–454. IEEE Computer Society (2013)Google Scholar
  13. 13.
    Peled, D., Vardi, M.Y., Yannakakis, M.: Black box checking. J. Autom. Lang. Comb. 7(2), 225–246 (2001)zbMATHMathSciNetGoogle Scholar
  14. 14.
    Postel, J.: Transmission Control Protocol. RFC 793, September 1981Google Scholar
  15. 15.
    de Ruiter, J., Poll, E.: Protocol state fuzzing of TLS implementations. In: USENIX Security, pp. 193–206. USENIX Association, Washington, D.C. (2015)Google Scholar
  16. 16.
    Tretmans, J.: Model-based testing and some steps towards test-based modelling. In: Bernardo, M., Issarny, V. (eds.) SFM 2011. LNCS, vol. 6659, pp. 297–326. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21455-4_9 CrossRefGoogle Scholar
  17. 17.
    Valiant, L.G.: A theory of the learnable. Commun. ACM 27(11), 1134–1142 (1984)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Institute for Computing and Information SciencesRadboud UniversityNijmegenThe Netherlands
  2. 2.Institute for Applied Software Systems EngineeringClausthal University of TechnologyClausthal-ZellerfeldGermany

Personalised recommendations