Computer Science ›› 2015, Vol. 42 ›› Issue (11): 184-187. doi: 10.11896/j.issn.1002-137X.2015.11.038

• Network and Communication •

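Analysis and Research on Address Message of Unknown Single Protocol Data Frame

ZHENG Jie and ZHU Qiang

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731; Chongqing College of Electronic Engineering, Chongqing 401331
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the Science and Technology Development Foundation of China Academy of Engineering Physics (2012A0403021), the NSAF Joint Fund (U1230106), and the National Information Security Development Program (2013F098)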

Abstract: Network protocols are sets of standards for network communications. Identifying and analyzing unknown protocols is of great significance for network management and security. Protocol identification technologies are varied, but to keep identification simple and efficient, it is usually necessary to first separate unknown mixed multi-protocol traffic into single protocols and then carry out further identification. Building on previous work that separates unknown mixed data frames into single protocols, this paper presents an efficient method to determine the address message of a single protocol. In this way, the data frames of a single protocol are split into point-to-point data frames according to their addresses, and the final identification of the unknown protocol is achieved. Finally, the method is evaluated by analyzing ARP and TCP data. The results show that this method can find more than 2/3 of the address information.

Key words: Protocol identification, Separate protocol, Single protocol, Data frame, Address message

