Computer Science ›› 2015, Vol. 42 ›› Issue (11): 184-187. doi: 10.11896/j.issn.1002-137X.2015.11.038


Analysis and Research on Address Message of Unknown Single Protocol Data Frame

ZHENG Jie and ZHU Qiang   

  • Online:2018-11-14 Published:2018-11-14

Abstract: Network protocols are sets of standards for certain network communications. Protocol identification and analysis are of great significance for network management and security. Protocol identification techniques vary, but to simplify the identification process and improve its efficiency, unknown mixed multi-protocol data usually needs to be separated into single protocols before further identification is made. Building on previous work that separates unknown mixed data frames into single protocols, this paper presents an efficient method for determining the address message of a single protocol. In this way, the data frames of a single protocol are split into point-to-point data frames according to the address, and the final identification of the unknown protocol is then achieved. Finally, we evaluate the method by analyzing ARP and TCP data. The results show that this method can find more than 2/3 of the address information.

Key words: Protocol identification, Separate protocol, Single protocol, Data frame, Address message

