
Context sensitive and secure parser generation for deep packet inspection of binary protocol

Posted on: 2018-01-24
Degree: M.S
Type: Thesis
University: Queen's University (Canada)
Candidate: El Shakankiry, Ali
Full Text: PDF
GTID: 2448390005458298
Subject: Computer Science
Abstract/Summary:
Network protocol parsers constantly dissect large volumes of network data and place the results into internal data structures for further processing by traffic analysis systems. Many network protocol parsers are hand-written for performance reasons and lack the security required to run on mission-critical networks. We propose an approach that automatically generates custom protocol parsers to process network traffic as part of an Intrusion Detection System. The user is provided with a specification language in which they can define the protocols they need to analyse. This thesis looks at command and control/industrial control networks, which are characterized by a limited number of known protocols. We present a robust, secure, and high-performing solution that deals with issues that have only partially been addressed in this domain.
Keywords/Search Tags: Protocol