Binpac: A yacc for writing application protocol parsers

Ruoming Pang, Vern Paxson, Robin Sommer, Larry Peterson

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

81 Scopus citations

Abstract

A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols. This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.

Original language: English (US)
Title of host publication: Proceedings of the 2006 ACM SIGCOMM Internet Measurement Conference, IMC 2006
Pages: 289-300
Number of pages: 12
DOI: https://doi.org/10.1145/1177080.1177119
State: Published - Dec 1 2006
Event: 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006 - Rio de Janeiro, Brazil
Duration: Oct 25 2006 → Oct 27 2006

Publication series

Name: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Other

Other: 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006
Country: Brazil
City: Rio de Janeiro
Period: 10/25/06 → 10/27/06

Keywords

  • Parser generator
  • Protocol

ASJC Scopus subject areas

  • Engineering (all)

Cite this

Pang, R., Paxson, V., Sommer, R., & Peterson, L. (2006). Binpac: A yacc for writing application protocol parsers. In Proceedings of the 2006 ACM SIGCOMM Internet Measurement Conference, IMC 2006 (pp. 289-300). (Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC). https://doi.org/10.1145/1177080.1177119