Network event recognition

Karthikeyan Bhargavan, Carl A. Gunter

Research output: Contribution to journalArticlepeer-review


Network protocols can be tested by capturing communication packets, assembling them into the high-level events, and comparing these to a finite state machine that describes the protocol standard. This process, which we call Network Event Recognition (NER), faces a number of challenges only partially addressed by existing systems. These include the ability to provide precise conformance with specifications, achieve adequate performance, admit analysis of the correctness of recognizers, provide useful diagnostics to enable the analysis of errors, and provide reasonable fidelity by distinguishing application errors from network errors. We introduce a special-purpose Network Event Recognition Language (NERL) and associated tools to address these issues. We validate the design using case studies on protocols at application and transport layers. These studies show that our system can efficiently find errors in recognizers and implementations of widely deployed protocols; they also demonstrate how improved diagnostics and transformations can substantially improve understanding of information generated by packet traces.

Original languageEnglish (US)
Pages (from-to)213-251
Number of pages39
JournalFormal Methods in System Design
Issue number3 SPEC. ISS.
StatePublished - Nov 2005


  • Correctness of implementations
  • Formal analysis
  • Languages for network protocols
  • NERL
  • Network event recognition
  • Network monitoring
  • Protocol verification

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture


Dive into the research topics of 'Network event recognition'. Together they form a unique fingerprint.

Cite this