Context Sensitive and Secure Parser Generation for Deep Packet Inspection of Binary Protocols

Thumbnail Image
El Shakankiry, Ali
Binary , Network Protocol Parser , Parser , Context Sensitive , Computer , Security , Packet , Packet Verification , Traffic Analysis , Protocol Parsing , Networking , Network Security
Network protocol parsers constantly dissect a large number of network data to place into internal data structures for further processing by traffic analysis systems. Many network protocol parsers are hand-written for performance reasons, and lack the security required to run on mission-critical networks. We propose an approach that automatically generates custom protocol parsers to process network traffic to be used as part of an Intrusion Detection System. The user is provided a specification language in which they can define the protocols they need to analyse. This thesis looks at command and control/industrial control networks that are characterized by a limited number of known protocols. We present a robust, secure, and high-performing solution that deals with the issues that have only partially been addressed in this domain.
External DOI