TY - JOUR
T1 - Network event recognition
AU - Bhargavan, Karthikeyan
AU - Gunter, Carl A.
N1 - Funding Information:
The idea of a developing a language for network event recognition came from a meeting between the authors of this paper and Satish Chandra and Pete McCann, who also provided us with considerable help and encouragement in various stages of the project. Our efforts benefited from our collaboration with Moonjoo Kim, Insup Lee, Davor Obradovic, Oleg Sokolsky, and Mahesh Viswanathan on the Verisim 1 system. We appreciated contributions from David Farber and Jonathan Smith, including their ideas on extending Overseer to active networks and Gerard Holzmann for his advice on implementing NERL. This research was supported by DARPA F30602-98-2-0198, ARO DAAG-98-1-0466, ONR N00014-99-1-0403 and ONR N00014-00-1-0641.
PY - 2005/11
Y1 - 2005/11
N2 - Network protocols can be tested by capturing communication packets, assembling them into the high-level events, and comparing these to a finite state machine that describes the protocol standard. This process, which we call Network Event Recognition (NER), faces a number of challenges only partially addressed by existing systems. These include the ability to provide precise conformance with specifications, achieve adequate performance, admit analysis of the correctness of recognizers, provide useful diagnostics to enable the analysis of errors, and provide reasonable fidelity by distinguishing application errors from network errors. We introduce a special-purpose Network Event Recognition Language (NERL) and associated tools to address these issues. We validate the design using case studies on protocols at application and transport layers. These studies show that our system can efficiently find errors in recognizers and implementations of widely deployed protocols; they also demonstrate how improved diagnostics and transformations can substantially improve understanding of information generated by packet traces.
AB - Network protocols can be tested by capturing communication packets, assembling them into the high-level events, and comparing these to a finite state machine that describes the protocol standard. This process, which we call Network Event Recognition (NER), faces a number of challenges only partially addressed by existing systems. These include the ability to provide precise conformance with specifications, achieve adequate performance, admit analysis of the correctness of recognizers, provide useful diagnostics to enable the analysis of errors, and provide reasonable fidelity by distinguishing application errors from network errors. We introduce a special-purpose Network Event Recognition Language (NERL) and associated tools to address these issues. We validate the design using case studies on protocols at application and transport layers. These studies show that our system can efficiently find errors in recognizers and implementations of widely deployed protocols; they also demonstrate how improved diagnostics and transformations can substantially improve understanding of information generated by packet traces.
KW - Correctness of implementations
KW - Formal analysis
KW - Languages for network protocols
KW - NERL
KW - Network event recognition
KW - Network monitoring
KW - Protocol verification
UR - http://www.scopus.com/inward/record.url?scp=29344459393&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=29344459393&partnerID=8YFLogxK
U2 - 10.1007/s10703-005-3398-4
DO - 10.1007/s10703-005-3398-4
M3 - Article
AN - SCOPUS:29344459393
SN - 0925-9856
VL - 27
SP - 213
EP - 251
JO - Formal Methods in System Design
JF - Formal Methods in System Design
IS - 3 SPEC. ISS.
ER -