%0 Conference Paper %1 1177119 %A Pang, Ruoming %A Paxson, Vern %A Sommer, Robin %A Peterson, Larry %B IMC '06: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement %C New York, NY, USA %D 2006 %I ACM %K language parsing protocol yacc %P 289--300 %R http://doi.acm.org/10.1145/1177080.1177119 %T binpac: a yacc for writing application protocol parsers %U http://portal.acm.org/citation.cfm?id=1177080.1177119 %X A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols.This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution. %@ 1-59593-561-4

@inproceedings{1177119, abstract = {A key step in the semantic analysis of network traffic is to parse the traffic stream according to the high-level protocols it contains. This process transforms raw bytes into structured, typed, and semantically meaningful data fields that provide a high-level representation of the traffic. However, constructing protocol parsers by hand is a tedious and error-prone affair due to the complexity and sheer number of application protocols.This paper presents binpac, a declarative language and compiler designed to simplify the task of constructing robust and efficient semantic analyzers for complex network protocols. We discuss the design of the binpac language and a range of issues in generating efficient parsers from high-level specifications. We have used binpac to build several protocol parsers for the "Bro" network intrusion detection system, replacing some of its existing analyzers (handcrafted in C++), and supplementing its operation with analyzers for new protocols. We can then use Bro's powerful scripting language to express application-level analysis of network traffic in high-level terms that are both concise and expressive. binpac is now part of the open-source Bro distribution.}, added-at = {2007-12-06T03:18:39.000+0100}, address = {New York, NY, USA}, author = {Pang, Ruoming and Paxson, Vern and Sommer, Robin and Peterson, Larry}, biburl = {https://www.bibsonomy.org/bibtex/2edc58ce5cb42a317ca89b20263aae4ad/jhammerb}, booktitle = {IMC '06: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement}, description = {binpac}, doi = {http://doi.acm.org/10.1145/1177080.1177119}, interhash = {99c7196a57f5524af20f1b591cbb84a7}, intrahash = {edc58ce5cb42a317ca89b20263aae4ad}, isbn = {1-59593-561-4}, keywords = {language parsing protocol yacc}, location = {Rio de Janeriro, Brazil}, pages = {289--300}, publisher = {ACM}, timestamp = {2007-12-06T03:18:39.000+0100}, title = {binpac: a yacc for writing application protocol parsers}, url = {http://portal.acm.org/citation.cfm?id=1177080.1177119}, year = 2006 }