A language-based approach to protocol implementation
IEEE/ACM Transactions on Networking (TON)
ANTLR: a predicated-LL(k) parser generator
Software—Practice & Experience
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
A readable TCP in the Prolac protocol language
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Packet types: abstract specification of network protocol messages
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
A Network Protocol Stack in Standard ML
Higher-Order and Symbolic Computation
DataScript - A Specification and Scripting Language for Binary Data
GPCE '02 Proceedings of the 1st ACM SIGPLAN/SIGSOFT conference on Generative Programming and Component Engineering
Generating a Service Specification of a Connection Management Protocol
Proceedings of the IFIP WG6.1 Second International Workshop on Protocol Specification, Testing and Verification
IEEE Security and Privacy
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A methodology for estimating interdomain web traffic demand
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An empirical study of spam traffic and the use of DNS black lists
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Proceedings of the 2004 ACM workshop on Rapid malcode
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
An analysis of internet content delivery systems
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
PADS: a domain-specific language for processing ad hoc data
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
The next 700 data description languages
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Design and implementation of netdude, a framework for packet trace manipulation
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Predicting short-transfer latency from TCP arcana: a trace-based validation
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Exploiting underlying structure for detailed reconstruction of an internet-scale event
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Bro: a system for detecting network intruders in real-time
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Rethinking hardware support for network analysis and intrusion prevention
HOTSEC'06 Proceedings of the 1st USENIX Workshop on Hot Topics in Security
Melange: creating a "functional" internet
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Polyglot: automatic extraction of protocol message format using dynamic binary analysis
Proceedings of the 14th ACM conference on Computer and communications security
Discoverer: automatic protocol reverse engineering from network traces
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Grammar-based whitebox fuzzing
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
High-Speed Matching of Vulnerability Signatures
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Tupni: automatic reverse engineering of input formats
Proceedings of the 15th ACM conference on Computer and communications security
Automatic feature selection for anomaly detection
Proceedings of the 1st ACM workshop on Workshop on AISec
Incorporation of Application Layer Protocol Syntax into Anomaly Detection
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Banzai: a Java framework for the implementation of high-performance servers
Proceedings of the 2009 ACM symposium on Applied Computing
Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering
Proceedings of the 16th ACM conference on Computer and communications security
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
The Journal of Machine Learning Research
A context-free markup language for semi-structured text
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Protocol normalization using attribute grammars
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Thwarting zero-day polymorphic worms with network-level length-based signature generation
IEEE/ACM Transactions on Networking (TON)
NetShield: massive semantics-based vulnerability signature matching for high-speed networks
Proceedings of the ACM SIGCOMM 2010 conference
The middlebox manifesto: enabling innovation in middlebox deployment
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
Verifying low-level implementations of high-level datatypes
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Banzai+Tatoo: Using cutting-edge parsers for implementing high-performance servers
Science of Computer Programming
Manipulating Wi-Fi packet traces with WiPal: design and experience
Software—Practice & Experience
Automatic protocol reverse-engineering: Message format extraction and field semantics inference
Computer Networks: The International Journal of Computer and Telecommunications Networking
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Reverse extraction of protocol model from network applications
International Journal of Internet Protocol Technology
| Hi-index | 0.00 |
A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols.This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.