UltraPAC: automated protocol parser generator - PowerPoint PPT Presentation

About This Presentation
Title:

UltraPAC: automated protocol parser generator

Description:

Title: PowerPoint Presentation Last modified by: Jing Created Date: 1/1/1601 12:00:00 AM Document presentation format: Other titles – PowerPoint PPT presentation

Number of Views:39
Avg rating:3.0/5.0
Slides: 10
Provided by: north125
Category:

less

Transcript and Presenter's Notes

Title: UltraPAC: automated protocol parser generator


1
UltraPACautomated protocol parser generator
  • Daniel Burgener
  • Jing Yuan

2
outline
  • Background
  • BinPAC
  • BinPAC vs. UltraPAC
  • Work so Far
  • Future work

3
Background
  • Anomaly detection
  • accuracy (vulnerability signature)
  • speed
  • Vulnerability signature
  • parse the traffic stream based on
    application-level
  • obtain the signature by recovering the protocol
    field

4
Binpac
  • Goal
  • General parser for different application-level
    traffic
  • Binpac
  • build a hierarchical topology to recursively
    parse the protocol
  • Not effective for high speed NIDS/NIPS
  • construct the parsing tree
  • call the parsing function recursively

5
UltraPAC vs. Binpac
  • UltraPAC
  • Based on binpac
  • specially for the vulnerability signature
    matching
  • parsing tree vs. parsing state machine

6
Work so Far Designing UltraPAC
  • UltraPAC parses a protocol written in the binPAC
    language to create a C parser
  • The necessary data for this parser is stored in
    the Field Table

field Prev Next len var
length arcount Label, ptr_lo 8 Y
label length ? length N
ptr_lo length ? 8 N
7
Work so Far Designing UltraPAC
  • BinPAC has many different data structures we need
    to handle. Expressions in the length or next
    field can be any of the following
  • Number number
  • Variable set in let store the expression, and
    mark necessary variables to be saved
  • oneline the regular expression .\n
  • restofdata get the remaining length from the
    buffer class
  • until If dependent on input, lookup in buffer
    class, if dependent on element, store and mark
    as in let

8
Work so Far Designing UltraPAC
  • BinPAC has many different data structures we need
    to handle. Expressions in the length or next
    field can be any of the following
  • Regular expression matching store a regular
    expression
  • Case store the expression that generates the
    case variable
  • If store the expression to be checked
  • Arrays always given an ending condition, so
    parse that

9
Future Work
  • Implement UltraPAC
  • The Field Table has already been implemented by
    Hongyu
  • Our job is to parse the various expressions as
    described in previous slides and store them in
    the field table
  • By the end of the quarter, we expect to have a
    working parser generator
  • Schedule
  • Two weeks a parser that works for HTTP
  • Three weeks a parser working for all ASCII
    protocols
  • Four weeks a perfectly working parser
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "UltraPAC: automated protocol parser generator" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!