This is the continuation of this post.
We were able to find a mailing list for STAT development on sourceforge[dot]net. The source code for a few STAT-based IDSs, such as NetSTAT and USTAT, was also available there. This finding greatly reduced the effort we would have had to put into writing a compiler for the STAT Language. As a bonus, we also found a STAT editor that lets you draw the attack scenario graphically and obtain the STAT file corresponding to the figure. This STATed was implemented in Java. The compiler could convert STAT Language source to a C source file.
While installing the STATL compiler and STATed (the STAT scenario editor) we faced a few difficulties with the dependencies. I have posted those to the corresponding mailing list. The problem with installing WinSTAT (the IDS) still persists, but the STATL compiler and STATed were installed successfully.
Here starts the next major step in my academic life: the Major Project. I like to see this work as very important, but I have also seen people who don't want to do even this. They just want to get into some group and survive there by using the energy of their teammates.
As always when I start a project I have a lot of expectations about it: completing it, then developing it further, putting it in the public domain and allowing others to improve the work. But most of these don't work out... :D. This time I really want to make a change to that. And I will.
This time I am going with a project on an Intrusion Detection System. We are planning to build it on top of the STAT framework. There would also be a need to implement a compiler for the STAT Language*. We actually have no materials other than a few (old) papers relating to it, but we took this project because we felt it would be very interesting to model an attack on the basis of a new framework. Initially, after making a compiler for a subset of the language, we would like to give a proof of concept for a few attack signatures. Then we would be able to assert that this compiler could be extended to detect many more attack patterns.
In the first phase we have to identify which attacks we are modeling, decide on the method to implement the compiler for STATL, and decide on the subset of STATL that would let us represent the identified attack sequences.
I will update this post as it goes.
EDIT: The continuation of this post is added here.
*A comparable existing attack-description language is the rule language used by Snort.
In our sixth semester of B-Tech we have a course on Compiler Design. Two tools are used for it: Lex, a lexical-analyzer generator, and Yacc, a parser generator. When compiling the scanner code generated by lex together with the parser code generated by yacc, we need to link a library that supplies a few helper functions (most notably yywrap, and a default main) that the generated code expects. The flags used with gcc for this purpose are "-ll" (the lex library) and "-lfl" (the flex library).
After installing Lex/Yacc on my Fedora system a few months back, I got an error stating that the definition for yywrap was not included. After searching for some time I found the solution for it.
There are two ways to solve it:
- Define the function yywrap yourself in the lex file, in the user-code part (the third section of the file). Compiling can then be done as "gcc lex.yy.c y.tab.c".
- Install the flex-static library so that the gcc flag -ll works, then compile as "gcc lex.yy.c y.tab.c -ll".
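As an added example (not code from the original post), here is a minimal flex scanner that applies the first fix: yywrap() is defined in the third section, so lex.yy.c links without -ll or -lfl. The file name count.l and the token-counting rules are my own choices for illustration. Because neither library is linked, the example also supplies its own main(); when you link against y.tab.c instead, main() normally lives in the yacc file's third section and you only need the yywrap() definition.

```lex
%{
/* Added example, not from the original post: a minimal flex scanner that
 * counts identifiers, numbers and lines on stdin.  It defines yywrap() and
 * main() itself so that no lex/flex support library is needed at link time.
 *
 * Build and run (assumes flex and gcc are installed; file name count.l is
 * an assumption):
 *   flex count.l            # writes lex.yy.c
 *   gcc -o count lex.yy.c   # note: no -ll / -lfl needed
 *   printf 'foo 42 bar\n' | ./count
 *   -> words=2 numbers=1 lines=1
 */
#include <stdio.h>

static int words   = 0;
static int numbers = 0;
static int lines   = 0;
%}

%%
[0-9]+                  { numbers++; }
[A-Za-z_][A-Za-z0-9_]*  { words++; }
\n                      { lines++; }
[ \t]+                  { /* skip whitespace */ }
.                       { /* ignore any other character */ }
%%

/* Third (user code) section.
 * The scanner calls yywrap() when it reaches EOF.  Returning 1 tells it
 * there is no further input to switch to.  This is the function that
 * libl/libfl would otherwise provide, which is why the link step fails
 * with "undefined reference to `yywrap'" when neither library is linked.
 */
int yywrap(void)
{
    return 1;
}

/* libfl also provides a default main() that just calls yylex(); since we
 * are not linking it, we supply our own. */
int main(void)
{
    yylex();            /* scan stdin until EOF */
    printf("words=%d numbers=%d lines=%d\n", words, numbers, lines);
    return 0;
}
```

With flex specifically there is a third option: put `%option noyywrap` in the definitions section (the first part of the file). flex then generates a macro in place of the yywrap() call, so no function definition and no -lfl are needed; do not combine this with a hand-written yywrap() function, since the macro would mangle the definition.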
But later, after 1 year of using Fedora, I changed to Arch Linux.
In Arch, when I tried to compile the lex/yacc files, the same problem arose. I thought I could solve it the same way as before, but all the research I did was in vain: I couldn't find a package similar to flex-static anywhere. At that point I used the first option, which easily solved my problem.
If anyone could help in finding a package similar to flex-static in Arch Linux, please share.
New link can be found at abijith-kp.github.io