Model of data handling for in-depth analysis of network traffic

A. I. Get'man; V. P. Ivannikov; Yu. V. Markin; V. A. Padaryan; A. Yu. Tikhonov

doi:10.15514/ISPRAS-2015-27(4)-1

Труды Института системного программирования РАН (Oct 2018)

Model of data handling for in-depth analysis of network traffic

A. I. Get'man,
V. P. Ivannikov,
Yu. V. Markin,
V. A. Padaryan,
A. Yu. Tikhonov

Affiliations

A. I. Get'man: ИСП РАН
V. P. Ivannikov: ИСП РАН; МГУ имени М.В. Ломоносова, 2-й учебный корпус, факультет ВМК; Московский физико-технический институт (государственный университет); НИУ ВШЭ
Yu. V. Markin: ИСП РАН
V. A. Padaryan: ИСП РАН; МГУ имени М.В. Ломоносова, 2-й учебный корпус, факультет ВМК
A. Yu. Tikhonov: ИСП РАН

DOI: https://doi.org/10.15514/ISPRAS-2015-27(4)-1
Journal volume & issue: Vol. 27, no. 4
pp. 5 – 22

Abstract

Read online

The article suggests a new object model of data for in-depth analysis of network traffic. In contrast to the model used by most existing network analyzers, such as Wireshark or Snort, the core of our model supports data streams reassembling and next processing. The model also provides a convenient universal mechanism for binding parsers. So one can develop parsers independently at all. Our model also provides processing of modified, e.g. compressed or encrypted, data. It forms the basis of the infrastructure for in-depth analysis of network traffic.

Published in Труды Института системного программирования РАН

ISSN: 2079-8156 (Print); 2220-6426 (Online)
Publisher: Ivannikov Institute for System Programming of the Russian Academy of Sciences
Country of publisher: Russian Federation
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://ispranproceedings.elpub.ru/jour/index

About the journal

Abstract

Keywords