Network Event Recognition

Network protocols can be tested by capturing communication packets, assembling them into the high-level events, and comparing these to a finite state machine that describes the protocol standard. This process, which we call Network Event Recognition (NER), faces a number of challenges only partially addressed by existing systems. These include the ability to provide precise conformance with specifications, achieve adequate performance, admit analysis of the correctness of recognizers, provide useful diagnostics to enable the analysis of errors, and provide reasonable fidelity by distinguishing application errors from network errors. We introduce a special-purpose Network Event Recognition Language (NERL) and associated tools to address these issues. We validate the design using case studies on protocols at application and transport layers. These studies show that our system can efficiently find errors in recognizers and implementations of widely deployed protocols; they also demonstrate how improved diagnostics and transformations can substantially improve understanding of information generated by packet traces.

[1]  Lalita Jategaonkar Jagadeesan,et al.  Safety Property Verification of ESTEREL Programs and Applications to Telecommunications Software , 1995, CAV.

[2]  Rudolph E. Seviora,et al.  An approach to automatic detection of software failures in real-time systems , 1997, Proceedings Third IEEE Real-Time Technology and Applications Symposium.

[3]  Satish Chandra,et al.  Packet types: abstract specification of network protocol messages , 2000 .

[4]  Robert T. Braden,et al.  Requirements for Internet Hosts - Application and Support , 1989, RFC.

[5]  Gregor von Bochmann,et al.  Trace Analysis for Conformance and Arbitration Testing , 1989, IEEE Trans. Software Eng..

[6]  Wu Jianping,et al.  From active to passive progress in testing internet routing protocols , 2002 .

[7]  Gregor von Bochmann,et al.  Test result analysis and validation of test verdicts , 1999 .

[8]  Bogdan Korel,et al.  Forward computation of dynamic program slices , 1994, ISSTA '94.

[9]  Steven Waldbusser Remote Network Monitoring Management Information Base , 1991, RFC.

[10]  Vern Paxson,et al.  Bro: a system for detecting network intruders in real-time , 1998, Comput. Networks.

[11]  David Watson,et al.  Transport and application protocol scrubbing , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[12]  Adam A. Porter,et al.  Specification-based Testing of Reactive Software: Tools and Experiments Experience Report , 1997, Proceedings of the (19th) International Conference on Software Engineering.

[13]  William C. Fenner,et al.  Known TCP Implementation Problems , 1999, RFC.

[14]  D. H. Crocker,et al.  Standard for the format of arpa intemet text messages , 1982 .

[15]  Marshall T. Rose,et al.  Post Office Protocol - Version 3 , 1988, RFC.

[16]  Gerard J. Holzmann,et al.  An Automated Verification Method for Distributed Systems Software Based on Model Extraction , 2002, IEEE Trans. Software Eng..

[17]  Carl A. Gunter,et al.  Formal verification of standards for distance vector routing protocols , 2002, JACM.

[18]  Pamela Zave,et al.  Deriving Specifications from Requirements: an Example , 1995, 1995 17th International Conference on Software Engineering.

[19]  Carl A. Gunter,et al.  Network Event Recognition for Packet-Mode Surveillance , 2002 .

[20]  Mahesh Viswanathan,et al.  Runtime Assurance Based On Formal Specifications , 1999, PDPTA.

[21]  Giovanni Vigna,et al.  NetSTAT: A Network-based Intrusion Detection System , 1999, J. Comput. Secur..

[22]  Deepinder P. Sidhu,et al.  Experience with formal methods in protocol development , 1991, CCRV.

[23]  Farnam Jahanian,et al.  Experiments on six commercial TCP implementations using a software fault injection tool , 1997 .

[24]  Ana R. Cavalli,et al.  A GSM-MAP Protocol Experiment Using Passive Testing , 1999, World Congress on Formal Methods.

[25]  Mahesh Viswanathan,et al.  Foundations for the run-time analysis of software systems , 2000 .

[26]  Gerard J. Holzmann,et al.  Logic Verification of ANSI-C Code with SPIN , 2000, SPIN.

[27]  Hanêne Ben-Abdallah,et al.  MaC: A Framework for Run-Time Correctness Assurance of Real-Time Systems , 1998 .

[28]  Michael Jackson,et al.  Domain descriptions , 1993, [1993] Proceedings of the IEEE International Symposium on Requirements Engineering.

[29]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[30]  David Lee,et al.  Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[31]  Debra J. Richardson,et al.  TAOS: Testing with Analysis and Oracle Support , 1994, ISSTA '94.

[32]  Alexandre Petrenko,et al.  Protocol testing: review of methods and relevance for software testing , 1994, ISSTA '94.

[33]  I. Damgård,et al.  The protocols. , 1989, The New Zealand nursing journal. Kai tiaki.

[34]  Deborah Estrin,et al.  Fault-oriented Test Generation for Multicast Routing Protocol Design , 1998, FORTE.

[35]  Ana R. Cavalli,et al.  Formal Methods for Conformance Testing: Results and Perspectives , 1993, Protocol Test Systems.

[36]  Jianping Wu,et al.  From Active to Passive: Progress in Testing of Internet Routing Protocols , 2001 .

[37]  David W. Binkley,et al.  Program slicing , 2008, 2008 Frontiers of Software Maintenance.

[38]  Farnam Jahanian,et al.  ORCHESTRA: A Fault Injection Environment for Distributed Systems , 1996 .

[39]  G. Bochmann,et al.  Testing deterministic implementations from nondeterministic FSM specifications , 1996 .

[40]  Carl A. Gunter,et al.  Fault origin adjudication , 2000, FMSP '00.

[41]  Jeffrey D. Case,et al.  Simple Network Management Protocol (SNMP) , 1989, RFC.

[42]  Mark Handley,et al.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics , 2001, USENIX Security Symposium.

[43]  G. Bochmann,et al.  TEST RESULT ANALYSIS WITH RESPECT TO FORMAL SPECIFICATIONS , 1989 .

[44]  Farnam Jahanian,et al.  An extensible probe architecture for network protocol performance measurement , 1998, SIGCOMM '98.

[45]  Daniel Massey,et al.  Fault detection in routing protocols , 1999, Proceedings. Seventh International Conference on Network Protocols.

[46]  Patrice Godefroid,et al.  VeriSoft: A Tool for the Automatic Analysis of Concurrent Reactive Software , 1997, CAV.

[47]  Jon Postel,et al.  Internet Control Message Protocol , 1981, RFC.

[48]  Giovanni Vigna,et al.  STATL: An Attack Language for State-Based Intrusion Detection , 2002, J. Comput. Secur..

[49]  Deborah Estrin,et al.  Worst Case Performance Analysis of Wireless Ad-hoc Routing Protocols: Case Studies , 2000 .

[50]  Gregor von Bochmann,et al.  An automatic trace analysis tool generator for Estelle specifications , 1995, SIGCOMM '95.

[51]  Robert T. Braden,et al.  Requirements for Internet Hosts - Communication Layers , 1989, RFC.

[52]  S. Easterbrook,et al.  Generating Test Oracles via Model Checking , 1997 .

[53]  Laura K. Dillon,et al.  Generating oracles from your favorite temporal logic specifications , 1996, SIGSOFT '96.

[54]  Steve Parker,et al.  Some Testing Tools for TCP Implementors , 1998, RFC.

[55]  Charles E. Perkins,et al.  Ad-hoc on-demand distance vector routing , 1999, Proceedings WMCSA'99. Second IEEE Workshop on Mobile Computing Systems and Applications.

[56]  David Lee,et al.  Passive testing and applications to network management , 1997, Proceedings 1997 International Conference on Network Protocols.

[57]  Bogdan Korel,et al.  Slicing Event Traces of Large Software Systems , 2000, AADEBUG.

[58]  Carl A. Gunter,et al.  Formal Veri cation of Standards for Distance Vector Routing Protocols KARTHIKEYAN BHARGAVAN, DAVOR OBRADOVIC, and CARL A. GUNTER , 2022 .

[59]  Mark R. Crispin Internet Message Access Protocol - Version 4rev1 , 1996, RFC.

[60]  Debra J. Richardson,et al.  Specification-based test oracles for reactive systems , 1992, International Conference on Software Engineering.

[61]  Frank Tip,et al.  A survey of program slicing techniques , 1994, J. Program. Lang..

[62]  Tony Larsson,et al.  Routing protocols in wireless ad-hoc networks : a simulation study , 1998 .

[63]  Thomas Henry Ptacek,et al.  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection , 1998 .

[64]  Carl A. Gunter,et al.  What packets may come: automata for network monitoring , 2001, POPL '01.

[65]  Satish Chandra,et al.  Packet Types: Abstract specifications of network protocol messages , 2000, SIGCOMM.

[66]  Rudolph E. Seviora,et al.  An architectural overview of a software supervisor , 1996, Proceedings of the Eighth Euromicro Workshop on Real-Time Systems.

[67]  Hanêne Ben-Abdallah,et al.  Formally specified monitoring of temporal properties , 1999, Proceedings of 11th Euromicro Conference on Real-Time Systems. Euromicro RTS'99.

[68]  Carl A. Gunter,et al.  Requirements for a Practical Network Event Recognition Language , 2002, RV@FLoC.

[69]  Guy Juanole,et al.  Observer-A Concept for Formal On-Line Validation of Distributed Systems , 1994, IEEE Trans. Software Eng..

[70]  Michael Jackson,et al.  A Reference Model for Requirements and Specifications , 2000, IEEE Softw..

[71]  Eddie Kohler,et al.  A readable TCP in the Prolac protocol language , 1999, SIGCOMM '99.

[72]  Michael Jackson,et al.  The Village Telephone System: A Case Study in Formal Software Engineering , 1998, TPHOLs.

[73]  Håkan Kvarnström,et al.  A survey of commercial tools for intrusion detection , 1999 .

[74]  John C. Klensin,et al.  Simple Mail Transfer Protocol , 2001, RFC.

[75]  Rudolph E. Seviora,et al.  An approach to automatic detection of software failures , 1995, Proceedings of Sixth International Symposium on Software Reliability Engineering. ISSRE'95.

[76]  Nancy A. Lynch,et al.  An introduction to input/output automata , 1989 .

[77]  W. Richard Stevens,et al.  TCP/IP Illustrated, Volume 1: The Protocols , 1994 .

[78]  Robbert van Renesse,et al.  Building adaptive systems using ensemble , 1998 .

[79]  Marshall T. Rose,et al.  Post Office Protocol: Version 3 , 1988, RFC.

[80]  David J. Farber,et al.  The Overseer, a Powerful Communications Attribute for Debugging and Security in Thin-Wire Connected Control Structures , 1976, ICCC.

[81]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[82]  Deborah Estrin,et al.  Simulation-based 'STRESS' testing case study: a multicast routing protocol , 1998, Proceedings. Sixth International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunication Systems (Cat. No.98TB100247).

[83]  Richard Barber,et al.  Intrusion Detection Systems , 2001 .

[84]  H. Zimmermann,et al.  OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection , 1980, IEEE Transactions on Communications.

[85]  Stefan Axelsson Research in Intrusion-Detection Systems: A Survey , 1998 .

[86]  Qing Yu,et al.  Oracles for checking temporal properties of concurrent systems , 1994, SIGSOFT '94.

[87]  David C. Luckham,et al.  Complex Event Processing in Distributed Systems , 1998 .

[88]  David A. Maltz,et al.  A performance comparison of multi-hop wireless ad hoc network routing protocols , 1998, MobiCom '98.

[89]  Martin Peschke,et al.  Design and Validation of Computer Protocols , 2003 .

[90]  Mahesh Viswanathan,et al.  Verisim: Formal analysis of network simulations , 2000, ISSTA '00.

[91]  Jeffrey D. Case,et al.  Simple Network Management Protocol (SNMP) , 1990, RFC.

[92]  Charles E. Perkins,et al.  Ad hoc On-Demand Distance Vector (AODV) Routing , 2001, RFC.

[93]  Robbert van Renesse,et al.  Building Adaptive Systems Using Ensemble , 1998, Softw. Pract. Exp..

[94]  Peter W. Resnick,et al.  Internet Message Format , 2001, RFC.

[95]  Michael Jackson,et al.  Four dark corners of requirements engineering , 1997, TSEM.

[96]  Vern Paxson,et al.  Automated packet trace analysis of TCP implementations , 1997, SIGCOMM '97.

[97]  David Lee,et al.  Testing IP Routing Protocols - From Probabilistic Algorithms to a Software Tool , 2000, FORTE.