Context Sensitive and Secure Parser Generation for Deep Packet Inspection of Binary Protocols

Abstract

Network protocol parsers constantly dissect a large number of packets to place into internal data structures for further processing. We propose an approach that automatically generates custom protocol parsers to process network traffic to be used as part of an Intrusion Detection System. This paper takes a look at the case of command and control/industrial control networks that are characterized by a limited number of known protocols. We present a robust, secure, and highperforming solution that deals with the issues that have only partially been addressed in this domain.