Presentation is loading. Please wait.

Presentation is loading. Please wait.

UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan."— Presentation transcript:

1 UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan

2 outline Background BinPAC BinPAC vs. UltraPAC Work so Far Future work

3 Background Anomaly detection – accuracy (vulnerability signature) – speed Vulnerability signature –parse the traffic stream based on application- level – obtain the signature by recovering the protocol field

4 Binpac Goal: –General parser for different application-level traffic Binpac : –build a hierarchical topology to recursively parse the protocol Not effective for high speed NIDS/NIPS –construct the parsing tree –call the parsing function recursively

5 UltraPAC vs. Binpac UltraPAC –Based on binpac – specially for the vulnerability signature matching – parsing tree vs. parsing state machine

6 Work so Far: Designing UltraPAC UltraPAC parses a protocol written in the binPAC language to create a C++ parser The necessary data for this parser is stored in the “Field Table” fieldPrevNextlenvar lengtharcoun t Label, ptr_lo 8Y labellength? N ptr_lolength?8N

7 Work so Far: Designing UltraPAC BinPAC has many different data structures we need to handle. Expressions in the length or next field can be any of the following: Number : number Variable set in &let : store the expression, and mark necessary variables to be saved &oneline : the regular expression “.*\n” &restofdata : get the remaining length from the buffer class &until : If dependent on $input, lookup in buffer class, if dependent on $element, store and mark as in &let

8 Work so Far: Designing UltraPAC BinPAC has many different data structures we need to handle. Expressions in the length or next field can be any of the following: Regular expression matching : store a regular expression Case : store the expression that generates the case variable &If : store the expression to be checked Arrays : always given an ending condition, so parse that

9 Future Work Implement UltraPAC The Field Table has already been implemented by Hongyu Our job is to parse the various expressions as described in previous slides and store them in the field table By the end of the quarter, we expect to have a working parser generator Schedule: Two weeks: a parser that works for HTTP Three weeks: a parser working for all ASCII protocols Four weeks: a perfectly working parser

Download ppt "UltraPAC : automated protocol parser generator Daniel Burgener Jing Yuan."

Similar presentations

1 Programming Languages (CS 550) Mini Language Interpreter Jeremy R. Johnson.

1 Programming Languages (CS 550) Mini Language Interpreter Jeremy R. Johnson.
Introduction to Computer Science 2 Lecture 7: Extended binary trees

Introduction to Computer Science 2 Lecture 7: Extended binary trees
Chapter 8 Intermediate Code Generation. Intermediate languages: Syntax trees, three-address code, quadruples. Types of Three – Address Statements: x :=

Chapter 8 Intermediate Code Generation. Intermediate languages: Syntax trees, three-address code, quadruples. Types of Three – Address Statements: x :=
Translator Architecture Code Generator ParserTokenizer string of characters (source code) string of tokens abstract program string of integers (object.

Translator Architecture Code Generator ParserTokenizer string of characters (source code) string of tokens abstract program string of integers (object.
COMP-421 Compiler Design Presented by Dr Ioanna Dionysiou.

COMP-421 Compiler Design Presented by Dr Ioanna Dionysiou.
Lecture # 7 Chapter 4: Syntax Analysis. What is the job of Syntax Analysis? Syntax Analysis is also called Parsing or Hierarchical Analysis. A Parser.

Lecture # 7 Chapter 4: Syntax Analysis. What is the job of Syntax Analysis? Syntax Analysis is also called Parsing or Hierarchical Analysis. A Parser.
1 Lecture 20 Regular languages are a subset of LFSA –algorithm for converting any regular expression into an equivalent NFA –Builds on existing algorithms.

1 Lecture 20 Regular languages are a subset of LFSA –algorithm for converting any regular expression into an equivalent NFA –Builds on existing algorithms.
Context-Free Grammars Lecture 7

Context-Free Grammars Lecture 7
ISBN 0-321-19362-8 Chapter 4 Lexical and Syntax Analysis The Parsing Problem Recursive-Descent Parsing.

ISBN Chapter 4 Lexical and Syntax Analysis The Parsing Problem Recursive-Descent Parsing.
Prof. Bodik CS 164 Lecture 61 Building a Parser II CS164 3:30-5:00 TT 10 Evans.

Prof. Bodik CS 164 Lecture 61 Building a Parser II CS164 3:30-5:00 TT 10 Evans.
1 Regular Grammars Generate Regular Languages. 2 Theorem Regular grammars generate exactly the class of regular languages: If is a regular grammar then.

1 Regular Grammars Generate Regular Languages. 2 Theorem Regular grammars generate exactly the class of regular languages: If is a regular grammar then.
CS 310 – Fall 2006 Pacific University CS310 Parsing with Context Free Grammars Today’s reference: Compilers: Principles, Techniques, and Tools by: Aho,

CS 310 – Fall 2006 Pacific University CS310 Parsing with Context Free Grammars Today’s reference: Compilers: Principles, Techniques, and Tools by: Aho,
Compiler Summary Mooly Sagiv html://www.math.tau.ac.il/~msagiv/courses/wcc03.html.

Compiler Summary Mooly Sagiv html://
Prof. Fateman CS 164 Lecture 91 Bottom-Up Parsing Lecture 9.

Prof. Fateman CS 164 Lecture 91 Bottom-Up Parsing Lecture 9.
COMPASS Practice Test 13 Quadratics. This slide presentation will focus on quadratics. Quadratics will always have a variable raised to the second power,

COMPASS Practice Test 13 Quadratics. This slide presentation will focus on quadratics. Quadratics will always have a variable raised to the second power,
Grammars This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit.

Grammars This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit.
Compiler Principles Winter 2012-2013 Compiler Principles Exercises on scanning & top-down parsing Roman Manevich Ben-Gurion University.

Compiler Principles Winter Compiler Principles Exercises on scanning & top-down parsing Roman Manevich Ben-Gurion University.
Introduction Tables and graphs can be represented by equations. Data represented in a table can either be analyzed as a pattern, like the data presented.

Introduction Tables and graphs can be represented by equations. Data represented in a table can either be analyzed as a pattern, like the data presented.
2.2 A Simple Syntax-Directed Translator 1. 2 2.3 Syntax-Directed Translation 2.4 Parsing 2.5 A Translator for Simple Expressions 2.6 Lexical Analysis.

2.2 A Simple Syntax-Directed Translator Syntax-Directed Translation 2.4 Parsing 2.5 A Translator for Simple Expressions 2.6 Lexical Analysis.
1 Introduction to Parsing Lecture 5. 2 Outline Regular languages revisited Parser overview Context-free grammars (CFG’s) Derivations.

1 Introduction to Parsing Lecture 5. 2 Outline Regular languages revisited Parser overview Context-free grammars (CFG’s) Derivations.

Similar presentations

Ads by Google