Show simple item record

dc.contributor.authorSalloum, Mohammad
dc.contributor.otherQueen's University (Kingston, Ont.). Theses (Queen's University (Kingston, Ont.))en
dc.date.accessioned2019-09-03T21:43:02Z
dc.date.available2019-09-03T21:43:02Z
dc.identifier.urihttp://hdl.handle.net/1974/26508
dc.description.abstractApplication-specific parsing can be used to extract application data presented in a format that is customized to a particular application. Effective parsing of application data found in network traffic sets a solid ground to develop application-level traffic analysis software. An example application of application-level traffic analysis software is an intrusion detection system that works at the application-level. In this thesis, we present our work on message categorization and targeted parsing of text-based network protocol messages. We categorize protocol messages into types and parse each message with a parser targeted for that type of messages. We created a parser specification language to automatically generate custom parsers. The specification language is used to define the types of protocol messages, names of the grammars to be used for parsing, application data parts of a message and functions to be applied on the parsed data. We use the parser generation framework ANTLR to generate parsers for our system. We tested our parser approach on network traffic generated by four different applications running over text-based protocols. Our parser was able to parse any application data found in the network traffic. We created a Constraint Engine to demonstrate how our parsing system can be used to validate application-level constraints on network traffic.en_US
dc.language.isoenen_US
dc.relation.ispartofseriesCanadian thesesen
dc.rightsQueen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canadaen
dc.rightsProQuest PhD and Master's Theses International Dissemination Agreementen
dc.rightsIntellectual Property Guidelines at Queen's Universityen
dc.rightsCopying and Preserving Your Thesisen
dc.rightsThis publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.en
dc.subjectParsingen_US
dc.subjectText-based protocolsen_US
dc.subjectIntrusion Detectionen_US
dc.subjectANTLRen_US
dc.subjectConstraint-based intrusion detectionen_US
dc.subjectApplication-specificen_US
dc.titleApplication-specific parsing of text-based network protocolsen_US
dc.typethesisen
dc.description.degreeMaster of Applied Scienceen_US
dc.contributor.supervisorDean, Thomas
dc.contributor.departmentElectrical and Computer Engineeringen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record