Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Parser Generation for High-Speed NIDS

Published bySuhendra Lesmana Modified over 6 years ago

Similar presentations

Presentation on theme: "Automated Parser Generation for High-Speed NIDS"— Presentation transcript:

1 Automated Parser Generation for High-Speed NIDS
Hongyu Gao Clint Sbisa

2 Motivation Processing speed is crucial concern for NIDS/NIPS
Limited by rate of parsing packets Inefficient parsing leads to slow speeds and bottlenecks

3 Current Solutions Binpac Declarative language and compiler
Designed to simplify task of constructing complex protocol parsers Constructs a full parsing tree

4 Current Solutions Netshield
Integrate high-speed protocol parser to provide fast parsing speed Parsers are manually written, which is tedious work and error-prone

5 Proposed Solution A protocol parser generator
Read the protocol specification Output the parser for the specific protocol The parser is aware of matching The parser focuses on the fields needed by matching and skip unnecessary fields

6 Automated parser generation?
Proposed Solutions Comparison table Automated parser generation? Yes No Fast parsing Our solution Netshield parser Binpac parser

7 Design Principles The parsing process should avoid recursive calls
Parse trees are not used in parsing phase Skip unneeded information After parsing one field, the parser should be able to quickly jump to the next necessary field

8 Detailed design The parser consists of three parts
A pair of buffer pointers A field table ( key data structure) A table pointer

9 Detailed design on field table
Metadata Field type Field length Garbage length Next field Field 1 Field 2 Field n

10 Detailed Design on Parser

11 Implementation Basic approach: Fixed driver Fixed data structure
Protocol-specific table content

12 Related files

13 How to realize the system
Determine the size of field table Start with one root node in protocol parse tree Iteratively substitute complex field with multiple simpler fields Determine the FieldLength function Retrieve the information from Type class Type::attr_length_expr_, Type::attr_oneline_, etc.

14 How to realize the system
Determine the GarbageLength function Before compression, GarbageLength returns “0” for every field Compress the table Look forward for consequent fields Merge the length of unused fields into garbage fields of the field that precedes them

15 Snapshot for generated code

16 Snapshot for generated code, cont’d

17 Snapshot for generated code, cont’d

18 Demo

19 Questions? Suggestions?

Download ppt "Automated Parser Generation for High-Speed NIDS"

Similar presentations

Inside an XSLT Processor Michael Kay, ICL 19 May 2000.

Inside an XSLT Processor Michael Kay, ICL 19 May 2000.
Code Generation Mooly Sagiv html://www.cs.tau.ac.il/~msagiv/courses/wcc03.html Chapter 4.

Code Generation Mooly Sagiv html:// Chapter 4.
Aki Hecht Seminar in Databases (236826) January 2009

Aki Hecht Seminar in Databases (236826) January 2009
UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan.

UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan.
The Structure of the GNAT Compiler. A target-independent Ada95 front-end for GCC Ada components C components SyntaxSemExpandgigiGCC AST Annotated AST.

The Structure of the GNAT Compiler. A target-independent Ada95 front-end for GCC Ada components C components SyntaxSemExpandgigiGCC AST Annotated AST.
Indexing and Searching

Indexing and Searching
C++ Programming: Program Design Including Data Structures, Fifth Edition Chapter 17: Linked Lists.

C++ Programming: Program Design Including Data Structures, Fifth Edition Chapter 17: Linked Lists.
Testing. Definition From the dictionary- the means by which the presence, quality, or genuineness of anything is determined; a means of trial. For software.

Testing. Definition From the dictionary- the means by which the presence, quality, or genuineness of anything is determined; a means of trial. For software.
Parser-Driven Games Tool programming © Allan C. Milne Abertay University v12.7.11.

Parser-Driven Games Tool programming © Allan C. Milne Abertay University v
Gary MarsdenSlide 1University of Cape Town Principles of programming language design Gary Marsden Semester 2 – 2001.

Gary MarsdenSlide 1University of Cape Town Principles of programming language design Gary Marsden Semester 2 – 2001.
{ Graphite Grigory Arashkovich, Anuj Khanna, Anirban Gangopadhyay, Michael D’Egidio, Laura Willson.

{ Graphite Grigory Arashkovich, Anuj Khanna, Anirban Gangopadhyay, Michael D’Egidio, Laura Willson.
SOFTWARE & LOCALIZATION WEBSITE Simplify and accelerate your.

SOFTWARE & LOCALIZATION WEBSITE Simplify and accelerate your.
Query Execution Section 15.1 Shweta Athalye CS257: Database Systems ID: 118 Section 1.

Query Execution Section 15.1 Shweta Athalye CS257: Database Systems ID: 118 Section 1.
AxKit A member of the Apache XML project Ryan Maslyn Kyle Bechtel.

AxKit A member of the Apache XML project Ryan Maslyn Kyle Bechtel.
Introduction to Compiling

Introduction to Compiling
Muhammad Idrees, Lecturer University of Lahore 1 Top-Down Parsing Top down parsing can be viewed as an attempt to find a leftmost derivation for an input.

Muhammad Idrees, Lecturer University of Lahore 1 Top-Down Parsing Top down parsing can be viewed as an attempt to find a leftmost derivation for an input.
Chapter 1 Introduction Major Data Structures in Compiler

Chapter 1 Introduction Major Data Structures in Compiler
Customizing OVS using P4 Muhammad Shahbaz with Sean Choi, Ben Pfaff, Chaitanya Kodeboyina, Changhoon Kim, Nick McKeown, Nick Feamster, and Jen Rexford.

Customizing OVS using P4 Muhammad Shahbaz with Sean Choi, Ben Pfaff, Chaitanya Kodeboyina, Changhoon Kim, Nick McKeown, Nick Feamster, and Jen Rexford.
The Role of Lexical Analyzer

The Role of Lexical Analyzer
Object storage and object interoperability

Object storage and object interoperability

Similar presentations

Ads by Google