Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (8): 39-44. doi: 10.11896/j.issn.1002-137X.2016.08.008

• Network and Communication •

Unknown Bit-stream Protocol Classification Model with Zero-knowledge

ZHANG Feng-li, ZHOU Hong-chuan, ZHANG Jun-jiao, LIU Yuan and ZHANG Chun-rui

  1. School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu 611731; Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900
  • Online: 2018-12-01  Published: 2018-12-01
  • Funding: Supported by the NASF Fund

Abstract: To identify unknown bit-stream protocols with zero knowledge (that is, with no prior knowledge of the protocols' formats), a protocol classification model is proposed. The model first uses inherent characteristics of the binary stream to compute an approximate number of protocol classes K and the initial cluster centers; it then clusters the data with an improved K-Means algorithm whose K and initial centers are set to those values; finally it scores each resulting cluster with an information-entropy-based impurity measure. Clusters that score well can be labeled as one protocol type and used for further analysis. Tests on data published by Lincoln Laboratory show that the model classifies unknown protocols with high accuracy and that the entropy-based cluster evaluation is of practical use.

Key words: K-Means clustering, Unknown protocol identification, K value calculation, Evaluation of clustering results
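The three-stage pipeline the abstract describes, run end to end on constructed frames, as an added example that is not the paper's code. The paper's feature definitions, its rule for deriving K and the seeds, its K-Means improvements and its impurity formula are not on this page, so every specific here is an assumption of this example: frame features are four label-free byte statistics, K and the initial centers come from a distance-threshold seeding pass, the clustering is plain Lloyd K-Means with those seeds fixed, and impurity is the normalised entropy of each cluster's leading-bytes distribution. The sample capture (three synthetic "protocols" interleaved) is constructed with a seeded PRNG; the ground-truth labels exist only to score the demo and are never used by the pipeline.

```python
"""Zero-knowledge bit-stream clustering on constructed frames (illustrative, stdlib only)."""
import math
import random
from collections import Counter


def make_frames(n_per_proto=20, length=128, seed=7):
    """Constructed capture: three synthetic protocols interleaved. Labels are for scoring only."""
    rng = random.Random(seed)
    frames, labels = [], []
    for _ in range(n_per_proto):
        # proto 0: 2-byte magic + printable ASCII payload
        frames.append(b"\xaa\x55" + bytes(rng.randint(0x20, 0x7E) for _ in range(length - 2)))
        labels.append(0)
        # proto 1: 2-byte magic + high-entropy (encrypted-looking) payload
        frames.append(b"\x01\x02" + bytes(rng.randint(0, 255) for _ in range(length - 2)))
        labels.append(1)
        # proto 2: 2-byte magic + sparse binary fields, mostly zero bytes
        body = bytearray(length - 2)
        for i in range(0, length - 2, 8):
            body[i] = rng.randint(1, 255)
        frames.append(b"\xff\xff" + bytes(body))
        labels.append(2)
    return frames, labels


def entropy(symbols):
    """Shannon entropy (bits) of the empirical distribution of a sequence of symbols."""
    counts, n = Counter(symbols), len(symbols)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def features(frame):
    """Assumed label-free feature set: four per-frame byte statistics scaled to [0, 1]."""
    n = len(frame)
    return (entropy(frame) / 8.0,                          # byte entropy (8 bits max)
            sum(0x20 <= b <= 0x7E for b in frame) / n,     # printable fraction
            frame.count(0) / n,                            # zero-byte fraction
            sum(frame) / (255.0 * n))                      # mean byte value


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def estimate_k_and_seeds(vectors, tau=0.35):
    """Assumed K heuristic: a vector opens a new cluster when it is farther than tau
    from every seed so far; the seed count is the K estimate and the seeds the centers."""
    seeds = []
    for v in vectors:
        if all(dist(v, s) > tau for s in seeds):
            seeds.append(v)
    return len(seeds), seeds


def kmeans(vectors, seeds, max_iter=50):
    """Plain Lloyd iterations with K and the initial centers fixed by the caller."""
    centers, assign = list(seeds), None
    for _ in range(max_iter):
        new_assign = [min(range(len(centers)), key=lambda j, v=v: dist(v, centers[j]))
                      for v in vectors]
        if new_assign == assign:
            break
        assign = new_assign
        for j in range(len(centers)):
            members = [v for v, a in zip(vectors, assign) if a == j]
            if members:  # an emptied cluster keeps its previous center
                centers[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return assign, centers


def cluster_impurity(frames, assign, k, prefix_len=2):
    """Assumed impurity criterion: entropy of the leading-bytes distribution inside a
    cluster, normalised by log2(cluster size); 0 means all members share one header."""
    scores = []
    for j in range(k):
        prefixes = [f[:prefix_len] for f, a in zip(frames, assign) if a == j]
        if len(prefixes) < 2:
            scores.append(1.0)  # a singleton carries no evidence; treat as unusable
            continue
        scores.append(entropy(prefixes) / math.log2(len(prefixes)))
    return scores


def purity(assign, labels, k):
    """Demo-only score against the constructed ground truth (unavailable in zero knowledge)."""
    hits = 0
    for j in range(k):
        members = [lab for lab, a in zip(labels, assign) if a == j]
        if members:
            hits += Counter(members).most_common(1)[0][1]
    return hits / len(labels)


def run_demo(accept_below=0.2):
    frames, labels = make_frames()
    vectors = [features(f) for f in frames]
    k, seeds = estimate_k_and_seeds(vectors)
    assign, _ = kmeans(vectors, seeds)
    impurity = cluster_impurity(frames, assign, k)
    accepted = [j for j, s in enumerate(impurity) if s < accept_below]  # label as protocols
    return {"k": k, "impurity": impurity, "accepted": accepted,
            "purity": purity(assign, labels, k)}


if __name__ == "__main__":
    print(run_demo())
```

The threshold `tau` plays the role the abstract assigns to the "inherent characteristics" step: it is what turns a pile of frames into a K and a set of seeds without any labels, and on real captures it is the parameter to sweep. The impurity score is deliberately label-free so that it can be computed in the same zero-knowledge setting; the `purity` function exists only because the demo knows which synthetic protocol generated each frame.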

