TY - GEN
T1 - Binpac
T2 - 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006
AU - Pang, Ruoming
AU - Paxson, Vern
AU - Sommer, Robin
AU - Peterson, Larry
N1 - Copyright:
Copyright 2008 Elsevier B.V., All rights reserved.
PY - 2006
Y1 - 2006
N2 - A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols. This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.
AB - A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols. This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.
KW - Parser generator
KW - Protocol
UR - http://www.scopus.com/inward/record.url?scp=34547396634&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34547396634&partnerID=8YFLogxK
U2 - 10.1145/1177080.1177119
DO - 10.1145/1177080.1177119
M3 - Conference contribution
AN - SCOPUS:34547396634
SN - 1595935614
SN - 9781595935618
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 289
EP - 300
BT - Proceedings of the 2006 ACM SIGCOMM Internet Measurement Conference, IMC 2006
Y2 - 25 October 2006 through 27 October 2006
ER -