Binpac

A yacc for writing application protocol parsers

Ruoming Pang, Vern Paxson, Robin Sommer, Larry Lee Peterson

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

78 Citations (Scopus)

Abstract

A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols. This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.

Original language: English (US)
Title of host publication: Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
Pages: 289-300
Number of pages: 12
DOIs: https://doi.org/10.1145/1177080.1177119
State: Published - 2006
Externally published: Yes
Event: 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006 - Rio de Janeiro, Brazil
Duration: Oct 25 2006 to Oct 27 2006

Other

Other: 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006
Country: Brazil
City: Rio de Janeiro
Period: 10/25/06 to 10/27/06

Fingerprint

Network protocols
Semantics
Complex networks
Intrusion detection
Specifications

Keywords

  • Parser generator
  • Protocol

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Pang, R., Paxson, V., Sommer, R., & Peterson, L. L. (2006). Binpac: A yacc for writing application protocol parsers. In Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC (pp. 289-300) https://doi.org/10.1145/1177080.1177119

@inproceedings{f5877d36122f484787c425fea905907d,
title = "Binpac: A yacc for writing application protocol parsers",
keywords = "Parser generator, Protocol",
author = "Ruoming Pang and Vern Paxson and Robin Sommer and Peterson, {Larry Lee}",
year = "2006",
doi = "10.1145/1177080.1177119",
language = "English (US)",
isbn = "1595935614",
pages = "289--300",
booktitle = "Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC",

}

TY - GEN
T1 - Binpac
T2 - A yacc for writing application protocol parsers
AU - Pang, Ruoming
AU - Paxson, Vern
AU - Sommer, Robin
AU - Peterson, Larry Lee
PY - 2006
Y1 - 2006
KW - Parser generator
KW - Protocol
UR - http://www.scopus.com/inward/record.url?scp=34547396634&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547396634&partnerID=8YFLogxK
U2 - 10.1145/1177080.1177119
DO - 10.1145/1177080.1177119
M3 - Conference contribution
SN - 1595935614
SN - 9781595935618
SP - 289
EP - 300
BT - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
ER -