Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (10): 60-64.
郑杰,李建平
ZHENG Jie and LI Jian-ping
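Abstract: Network protocols are a collection of standards for network communication, and identifying and analyzing unknown protocols is of great significance for network supervision and for safeguarding network security. Protocol identification techniques are many and varied, but most are not suited to identifying binary protocols. To address the limitations of existing protocol identification techniques, this paper proposes a protocol identification method for multiple types of binary data frames in an environment where two parties communicate over a single protocol. The method first uses n-gram techniques to segment the data frames, then uses an unsupervised feature selection algorithm to extract a set of feature strings, and then uses a clustering algorithm to identify the protocol messages. Finally, the method is evaluated on ICMP, where both the precision and the recall of message identification reach above 90%.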