Recognizing Dynamic Fields in Network Traffic with a Manually Assisted Solution

  • Jarko Papalitsas
  • Jani Tammi
  • Sampsa Rauti
  • Ville Leppänen
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 746)


Payloads of packets transmitted over network contain dynamic fields that represent many kinds of real world objects. In many different applications, there is a need to recognize and sometimes replace these fields. In this paper, we present a manually assisted solution for searching and annotating dynamic fields in message payloads, specifically focusing on web environment. Our tool provides a simple and intuitive graphical user interface for annotating dynamic fields.


  1. 1.
    Almeshekah, M.H., Spafford, E.G.: Planning and integrating deception into computer security defenses. In: Proceedings of the 2014 Workshop on New Security Paradigms Workshop, pp. 127–138. ACM (2014)Google Scholar
  2. 2.
    Cohen, F., Koike, D.: Misleading attackers with deception. In: Proceedings from the Fifth Annual IEEE Information Assurance Workshop, pp. 30–37. IEEE (2004)Google Scholar
  3. 3.
    Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proceedings of the 13th Annual Network and Distributed System Security Symposium (2006)Google Scholar
  4. 4.
    Gnome Developer: GTK+ 3 Reference Manual.
  5. 5.
    Irving, R.W., Fraser, C.B.: Two algorithms for the longest common subsequence of three (or more) strings, pp. 214–229. Springer, Heidelberg (1992)CrossRefGoogle Scholar
  6. 6.
    Moser, D.: Diffuse homepage.
  7. 7.
    Nadeau, D., Turney, P.D., Matwin, S.: Unsupervised named-entity recognition: generating gazetteers and resolving ambiguity. In: Proceedings of the 19th International Conference on Advances in Artificial Intelligence: Canadian Society for Computational Studies of Intelligence, AI 2006, pp. 266–277. Springer-Verlag (2006)CrossRefGoogle Scholar
  8. 8.
    Papalitsas, J., Rauti, S., Leppänen, V.: A comparison of record and play honeypot designs. In: Proceedings of the 18th International Conference on Computer Systems and Technologies, CompSysTech 2017, pp. 133–140. ACM, New York (2017)Google Scholar
  9. 9.
    Python Software Foundation: difflibGoogle Scholar
  10. 10.
    Sekine, S., Nobata, C.: Definition, dictionaries and tagger for extended named entity hierarchy. In: LREC, pp. 1977–1980 (2004)Google Scholar
  11. 11.
    Tammi, J., Rauti, S., Leppänen, V.: Practical Challenges in Building Fake Services with the Record and Play Approach (2017, accepted)Google Scholar
  12. 12.
    Wang, Q., Korkin, D., Shang, Y.: A fast multiple longest common subsequence (MLCS) algorithm. IEEE Trans. Knowl. Data Eng. 23(3), 321–334 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Jarko Papalitsas
    • 1
  • Jani Tammi
    • 1
  • Sampsa Rauti
    • 1
  • Ville Leppänen
    • 1
  1. 1.University of TurkuTurkuFinland

Personalised recommendations