Data representation model for in-depth analysis of network traffic

Programming and Computer Software

Abstract

This paper proposes a new object model of data for the in-depth analysis of network traffic. In contrast to the model used by most modern network analyzers (for example, Wireshark and Snort), the proposed model supports the reassembly of data streams followed by parsing of the reassembled data. The model also provides a convenient, universal mechanism for binding parsers to data, which makes it possible to develop parsers that are completely independent of one another. Moreover, the proposed model allows transformed data (compressed or encrypted) to be processed. This model forms the basis of an infrastructure for the in-depth analysis of network traffic.
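As an added illustration (not code from the paper, whose model is only summarized above), the following Python sketch shows the three properties the abstract names: reassembly of a stream before it is parsed, a single binding mechanism that lets parsers be written independently of each other, and parsing of transformed data. Every class, function and predicate here, and the sample HTTP exchange, is constructed for this example and is not the authors' implementation. Parsers register a predicate on a data object rather than on a fixed port, so the gzip decoder and the JSON parser are added without touching the TCP or HTTP code.

```python
"""Toy layered data model for traffic analysis (illustration only; not the paper's code).
Parsers are bound to data objects by predicates, so the TCP reassembler, HTTP parser,
gzip decoder and JSON parser know nothing about one another. Assumes no TCP sequence
wraparound and models one direction of one connection."""
import gzip
import json
from dataclasses import dataclass, field

@dataclass
class DataObject:
    kind: str                                   # layer label, e.g. "tcp_stream"
    data: bytes                                 # raw bytes at this layer
    attrs: dict = field(default_factory=dict)   # parsed fields / metadata
    children: list = field(default_factory=list)

    def add_child(self, kind, data, **attrs):
        child = DataObject(kind, data, attrs)
        self.children.append(child)
        return child

# Universal binding: a parser is a (predicate, handler) pair. The predicate decides
# whether the parser applies to an object; the handler attaches child objects to it.
PARSERS: list = []

def register(predicate):
    def wrap(handler):
        PARSERS.append((predicate, handler))
        return handler
    return wrap

def analyze(obj):
    """Apply every matching parser to obj, then recurse into whatever they produced."""
    for predicate, handler in PARSERS:
        if predicate(obj):
            handler(obj)
    for child in list(obj.children):
        analyze(child)

def reassemble(segments, isn):
    """Order TCP (seq, payload) segments; drop retransmitted/overlapping bytes; a hole raises."""
    out, expected = bytearray(), isn
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        if seq + len(payload) <= expected:
            continue                                # pure retransmission
        if seq < expected:
            payload = payload[expected - seq:]      # trim the overlapping prefix
        elif seq > expected:
            raise ValueError(f"gap in stream at seq {expected}")  # cannot parse yet
        out += payload
        expected += len(payload)
    return bytes(out)

@register(lambda o: o.kind == "tcp_connection")
def tcp_reassembler(conn):
    stream = reassemble(conn.attrs["segments"], conn.attrs["isn"])
    conn.add_child("tcp_stream", stream, dst_port=conn.attrs["dst_port"])

@register(lambda o: o.kind == "tcp_stream" and o.data.startswith(b"HTTP/"))
def http_response_parser(stream):           # bound by payload content, not by port
    head, _, body = stream.data.partition(b"\r\n\r\n")
    status, *header_lines = head.split(b"\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    stream.add_child("http_body", body, status=status.decode(), headers=headers)

@register(lambda o: o.kind == "http_body"
          and o.attrs["headers"].get("content-encoding") == "gzip")
def gzip_decoder(body):
    """Transformed data: the decoded bytes become a new http_body without the encoding."""
    headers = {k: v for k, v in body.attrs["headers"].items() if k != "content-encoding"}
    body.add_child("http_body", gzip.decompress(body.data), headers=headers)

@register(lambda o: o.kind == "http_body"
          and "content-encoding" not in o.attrs["headers"]
          and "json" in o.attrs["headers"].get("content-type", ""))
def json_parser(body):
    body.add_child("json", body.data, value=json.loads(body.data))

def build_sample_connection():
    """Constructed sample: an HTTP/1.1 response with a gzip-compressed JSON body,
    delivered as out-of-order TCP segments plus one retransmission."""
    payload = gzip.compress(json.dumps({"user": "alice", "admin": False}).encode())
    response = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                b"Content-Encoding: gzip\r\nContent-Length: %d\r\n\r\n" % len(payload)) + payload
    isn = 1000
    a, b, c = response[:20], response[20:60], response[60:]
    segments = [(isn + 60, c), (isn, a), (isn + 20, b), (isn, a)]   # last one is a retransmit
    return DataObject("tcp_connection", b"", {"segments": segments, "isn": isn, "dst_port": 8080})

def analyze_sample():
    node = build_sample_connection()
    analyze(node)
    layers = [node.kind]                        # follow the chain of derived objects
    while node.children:
        node = node.children[-1]
        layers.append(node.kind)
    return layers, node.attrs["value"]
```

Calling analyze_sample() returns the chain of layer kinds derived from the sample connection (tcp_connection, tcp_stream, http_body, a second http_body holding the decoded bytes, json) together with the parsed JSON value. reassemble() raises ValueError when the captured segments leave a hole; that is the case in which a stream-oriented analyzer has to wait for more data rather than parse a partial buffer.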



Author information

Corresponding author

Correspondence to I. Get’man.

Additional information

Original Russian Text © A.I. Get’man, V.P. Ivannikov, Yu.V. Markin, V.A. Padaryan, A.Yu. Tikhonov, 2015, published in Trudy Instituta Sistemnogo Programmirovaniya, 2015, Vol. 27, No. 4, pp. 5–22.


Cite this article

Get’man, I., Ivannikov, V.P., Markin, Y.V. et al. Data representation model for in-depth analysis of network traffic. Program Comput Soft 42, 316–323 (2016). https://doi.org/10.1134/S0361768816050030
