Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (8): 39-44. doi: 10.11896/j.issn.1002-137X.2016.08.008
ZHANG Feng-li, ZHOU Hong-chuan, ZHANG Jun-jiao, LIU Yuan and ZHANG Chun-rui
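Abstract: To address the problem of identifying unknown bit-stream protocols with zero prior knowledge, a protocol classification model is proposed. The model first uses the inherent characteristics of the binary stream to compute an approximate number of protocol types, K, and the initial cluster centers. It then runs an improved K-Means clustering algorithm with K and the initial cluster centers specified. Finally, it evaluates the clustering results with an information-entropy-based impurity evaluation method; clusters that evaluate well can be labeled as a protocol type and used in other analyses. Tests on experimental data published by Lincoln Laboratory show that the model classifies unknown protocols with relatively high accuracy, and that the information-entropy-based cluster evaluation method also has some practical value.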