Abstract
This paper proposes a new object model of data for the in-depth analysis of network traffic. In contrast to the model used by most modern network analyzers (for example, Wireshark and Snort), the proposed model supports reassembly of data streams followed by parsing of the reassembled data. The model also provides a convenient universal mechanism for binding parsers, which makes it possible to develop completely independent parsers. Moreover, the proposed model allows processing of modified (compressed or encrypted) data. This model forms the basis of the infrastructure for the in-depth analysis of network traffic.
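The two properties the abstract singles out, reassembly before parsing and parsers bound to the data objects they consume rather than to packets, can be shown in a few dozen lines. The following Python is an added illustration written for this page; it is not the authors' model or code, and the object kinds (`tcp.stream`, `payload`, `app.record`), the `key: value` line protocol, the port number 9999 and the segment delivery order are all constructed for the example. A reassembler orders out-of-order and duplicated segments and reports holes instead of silently skipping them; a registry binds parsers to object kinds, so the zlib transform and the application parser know nothing about each other, and the parser runs on the decoded object exactly as it would on a plain stream.

```python
import zlib
from dataclasses import dataclass, field
from typing import Callable, Optional

# One node of the analysis tree: a byte buffer, the attributes a parser derived
# from it, and the objects derived from it (the next layer of analysis).
@dataclass
class DataObject:
    kind: str                       # constructed kinds: "tcp.stream", "payload", "app.record"
    data: bytes
    attrs: dict = field(default_factory=dict)
    children: list = field(default_factory=list)

class StreamReassembler:
    """Orders TCP-like segments by sequence number, trims duplicated or
    overlapping bytes and records holes instead of skipping them."""
    def __init__(self, isn: int):
        self.isn = isn
        self.segments = {}          # seq -> payload (longest seen at that seq)

    def add(self, seq: int, payload: bytes) -> None:
        if len(payload) > len(self.segments.get(seq, b"")):
            self.segments[seq] = payload

    def reassemble(self):
        out, gaps, expected = bytearray(), [], self.isn
        for seq in sorted(self.segments):
            payload = self.segments[seq]
            if seq < expected:                   # overlap: drop the already-seen prefix
                payload = payload[expected - seq:]
                seq = expected
            elif seq > expected:                 # hole: record it, continue after it
                gaps.append((expected, seq))
            if not payload:
                continue
            out += payload
            expected = seq + len(payload)
        return bytes(out), gaps

Predicate = Callable[[DataObject], bool]
Parser = Callable[[DataObject], Optional[DataObject]]

class ParserRegistry:
    """Binds parsers to the kind of object they consume. A parser sees only
    that object, never the packets or transforms that produced it."""
    def __init__(self):
        self.bindings = {}          # kind -> [(predicate, parser), ...]

    def bind(self, kind: str, predicate: Predicate, parser: Parser) -> None:
        self.bindings.setdefault(kind, []).append((predicate, parser))

    def dispatch(self, obj: DataObject) -> DataObject:
        for predicate, parser in self.bindings.get(obj.kind, []):
            if predicate(obj):
                child = parser(obj)
                if child is not None:
                    obj.children.append(child)
                    self.dispatch(child)         # derived objects are analysed in turn
        return obj

def zlib_inflate(obj: DataObject) -> Optional[DataObject]:
    """Transformation parser: yields a new object holding the decoded bytes."""
    try:
        return DataObject("payload", zlib.decompress(obj.data), {"encoding": "zlib"})
    except zlib.error:
        return None                  # not a complete zlib stream: leave the object as is

def kv_parse(obj: DataObject) -> Optional[DataObject]:
    """Application parser for the constructed 'key: value' line protocol."""
    record = {}
    for line in obj.data.decode("ascii", "replace").splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record[key.strip()] = value.strip()
    return DataObject("app.record", obj.data, record) if record else None

def looks_like_zlib(obj: DataObject) -> bool:
    return obj.data[:1] == b"\x78"   # CMF byte of a deflate-with-32K-window zlib header

def analyse(segments, isn: int, dport: int) -> DataObject:
    """Reassemble the segments into one stream object and run the bound parsers."""
    registry = ParserRegistry()
    registry.bind("tcp.stream", lambda o: o.attrs["dport"] == 9999 and looks_like_zlib(o), zlib_inflate)
    registry.bind("tcp.stream", lambda o: not looks_like_zlib(o), kv_parse)
    registry.bind("payload", lambda o: True, kv_parse)
    reassembler = StreamReassembler(isn)
    for seq, payload in segments:
        reassembler.add(seq, payload)
    data, gaps = reassembler.reassemble()
    return registry.dispatch(DataObject("tcp.stream", data, {"dport": dport, "gaps": gaps}))

def extract_record(root: DataObject) -> Optional[dict]:
    """Depth-first search for the first application record in the tree."""
    if root.kind == "app.record":
        return root.attrs
    for child in root.children:
        found = extract_record(child)
        if found is not None:
            return found
    return None

# Constructed traffic: a compressed message delivered as three segments, out of
# order and with the first segment duplicated.
PLAINTEXT = b"user: alice\nquota: 100\n"
COMPRESSED = zlib.compress(PLAINTEXT)
ISN = 1000

def split_out_of_order(data: bytes, isn: int):
    a, b = len(data) // 3, 2 * len(data) // 3
    parts = [(isn, data[:a]), (isn + a, data[a:b]), (isn + b, data[b:])]
    return [parts[2], parts[0], parts[0], parts[1]]

SEGMENTS = split_out_of_order(COMPRESSED, ISN)

if __name__ == "__main__":
    root = analyse(SEGMENTS, ISN, 9999)
    print(root.attrs["gaps"], extract_record(root))
```

A per-packet design would have handed each segment to the zlib parser separately and failed on every one of them; here the decoder runs once, on the complete stream, and the application parser is bound to the decoded object with the same call used to bind it to a plain stream. The `gaps` attribute is what an operator would want to see when a capture is lossy: a record built from a stream with holes is evidence of lower quality than one from a complete stream.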
Original Russian Text © A.I. Get’man, V.P. Ivannikov, Yu.V. Markin, V.A. Padaryan, A.Yu. Tikhonov, 2015, published in Trudy Instituta Sistemnogo Programmirovaniya, 2015, Vol. 27, No. 4, pp. 5–22.
Cite this article
Get’man, I., Ivannikov, V.P., Markin, Y.V. et al. Data representation model for in-depth analysis of network traffic. Program Comput Soft 42, 316–323 (2016). https://doi.org/10.1134/S0361768816050030