@inproceedings{f5877d36122f484787c425fea905907d,
title = "Binpac: A yacc for writing application protocol parsers",
abstract = "A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols.This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the {"}Bro{"} network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.",
keywords = "Parser generator, Protocol",
author = "Ruoming Pang and Vern Paxson and Robin Sommer and Larry Peterson",
year = "2006",
month = dec,
day = "1",
doi = "10.1145/1177080.1177119",
language = "English (US)",
isbn = "1595935614",
series = "Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC",
pages = "289--300",
booktitle = "Proceedings of the 2006 ACM SIGCOMM Internet Measurement Conference, IMC 2006",
note = "6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006 ; Conference date: 25-10-2006 Through 27-10-2006",
}